RE: [squid-users] ncsa_auth

From: Paolo Biancolli <PAOLO.BIANCOLLI@dont-contact.us>
Date: Tue, 21 Feb 2006 09:00:31 +0200

I am trying to run dual authentication, Active Directory
(squid_ldap_auth) and ncsa_auth. I have adapted another script suggested
by one of the other squid users (D Radel) where these dual auths are
used (using 2 different ADs though). My battle is getting the second
script to check the plain text password file for user name and password.
Below is a section of D Radel's email in response to my origional
query...

"Here is a solution that would work. You could call a custom script from
your squid.conf e.g.

My script goes something like this

    #!/bin/sh
    # read from stdin until EOF is received

    while read INP; do
    # Use username and password to authenticate against AD domain number
1
    DOMAIN1=`echo $INP | /usr/lib/squid/ldap_auth ....(edited)

    # User username and password to authenticate against AD domain
number 2
    DOMAIN2=`echo $INP | /usr/lib/squid/ldap_auth ....(edited)

    # If username and password is correct for either domain, output "OK"
    if [ "$DOMAIN1" == "OK" ]; then
        echo "OK"
    elif [ "$DOMAIN2" == "OK" ]; then
        echo "OK"
    else
        echo "ERR"
    fi
    done

The above script authenticates against one domain, and if fails it tries
the other domain. You could modify the second lookup in this script to
check against a plaintext file instead of a 2nd domain. Instead of
calling ldap_auth the 2nd time, call another custom script (call it
plaintext_check.sh or something) that checks the username and password
against a plaintext file and returns OK or ERR accordingly to the first
script (above). Modify above line to call your 2nd script:
    DOMAIN2=`echo $INP | /usr/share/custom_scripts/plaintext_check.sh`

Non-standard, but you could get it to work if you can write shell
scripts..
D.Radel."

Regards
Paolo Biancolli

-----Original Message-----
From: Mark Elsen [mailto:mark.elsen@gmail.com]
Sent: 20 February 2006 06:08 PM
To: Paolo Biancolli
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] ncsa_auth

> Hi all,
>
> I am trying to write a custom script which in part will use ncsa_auth
> as an authentication method. What I do know is that if I run
> "/usr/local/squid/libexec/ncsa_auth
/usr/local/squid/etc/password_file"
> and then an actual username and password from the password file (from
> the command prompt), I can test to see if the username and password
> are correct.
>
> Could anyone shed some light as to whether I can use the info given in

> the authentication box and use that as input for ncsa_auth in a
script.
> My scripting knowledge is not too great and nor my understanding of
> the intricacies of squid itself.
>

  -You seemingly want,to do, what Squid+NCSA_auth will do automatically
for you .. ??

M.
Received on Mon Feb 20 2006 - 23:59:42 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST