Re: [squid-users] Looking for authentication ideas

From: Matt Weisberg <matt_at_weisberg.net>
Date: Thu, 22 Oct 2009 14:58:44 -0400

I wish there was a simple answer, but it really doesn't matter what
directory you use, you won't be able to do that via LDAP auth. Squid
would have to maintain some sort of session table and prevent the
second authentication, which I'm pretty sure it doesn't today.

So the answer to your question is no, that is not true when doing LDAP
authentication against Novell eDirectory unfortunately (using a Novell
Client over an NCP connection you can limit concurrent logins).

Matt

On Oct 22, 2009, at 11:55 AM, skinnyzaz wrote:

>
> Thanks I am going to check out (PWM) for sure! Looks very handy. I am going
> to try to run it with my current Active Directory setup. But I have a
> question about the Novell server as I have never used it before. I would
> like to be able to stop people from logging into my squid server more than
> once. Right now using AD it is possible for 2 different people to login to
> squid at the same time using the same user name and password. I heard a
> rumor :) that if I was using a Novell database I would be able to stop
> this..... is this true?
>
>
> Matt Weisberg wrote:
>>
>>
>> You might want to take a look at the open source Password Management
>> servlets (PWM), http://developer.novell.com/wiki/index.php/Pwm
>>
>> It was originally written as a password self-service system for Novell
>> eDirectory, but it has a New User registration system and it now works
>> against AD as well.
>>
>> I've typically used it in Identity Management setups, but I have a
>> customer using Squid with LDAP auth against Novell eDirectory and PWM
>> for password self-service. It works quite well. There is a demo site
>> here: http://pwmdemo.weisberg.net/pwm/
>>
>> It is written in Java and runs nicely under Tomcat.
>>
>> Novell is shutting down their forge site, so the application will be
>> moving to Google's developer site soon (new name coming too since pwm
>> is taken).
>>
>> Also, eDirectory might not be a bad auth source as Novell offers a
>> free 250,000 object license for eDirectory:
>> http://www.novell.com/products/edirectory/customer_license.htm
>>
>> Matt
>>
>> On Oct 21, 2009, at 7:21 PM, skinnyzaz wrote:
>>
>>>
>>> Yes I realize that but it would be an internal site. Or I was also trying to
>>> figure out a way to have someone create a request then I authorize it
>>> somehow. I was using AD for my squid authorization but I was having trouble
>>> creating the AD accounts password field via LDAP.....
>>>
>>>
>>> Amos Jeffries-2 wrote:
>>>>
>>>> On Wed, 21 Oct 2009 14:24:30 -0700 (PDT), skinnyzaz
>>>> <bradzazulak_at_gmail.com> wrote:
>>>>> First I will let you know what I am trying to do. I am looking for some way
>>>>> to have users create their own user names and passwords from a website of
>>>>> some sort. And then have squid authenticate from the accounts created from
>>>>> the website. I have been looking for a couple months but am starting to run
>>>>> out of ideas. Does anyone have any idea of how this is possible?
>>>>
>>>> Your idea collapses into a simple case of: popup the auth login and accept
>>>> anything that is entered.
>>>>
>>>> Squid bundles with fake authenticators for testing that do exactly that.
>>>> For the older versions there is
>>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly
>>>>
>>>>
>>>> You seem to be stuck in the idea that having an auth popup alone makes
>>>> things secure. The entire purpose of an authentication is to control who
>>>> gets access. Allowing random people to add themselves anonymously is not a
>>>> good idea.
>>>>
>>>> Amos
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>
Received on Thu Oct 22 2009 - 18:58:53 MDT
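
The "session table" mentioned in the reply above, sketched as an added example (not code from this thread or from the Squid project): a helper that reads "<user> <ip>" lines and answers OK or ERR, binding each login to one client IP until it goes idle. It assumes the helper is wired in through Squid's external_acl_type directive with the format "%LOGIN %SRC"; the class and function names, the 300-second timeout and the case-folding of user names are all assumptions made for the illustration.

```python
#!/usr/bin/env python3
"""Session-table helper: one source IP per user at a time (illustrative)."""
import sys
import time

SESSION_TTL = 300  # seconds of inactivity before a binding expires (assumed value)


class SessionTable:
    """Maps each authenticated user to the single client IP it is bound to."""

    def __init__(self, ttl=SESSION_TTL, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self.sessions = {}  # user -> (ip, last_seen)

    def check(self, user, ip):
        """Return True if the request may proceed, False for a concurrent login."""
        now = self.clock()
        bound = self.sessions.get(user)
        if bound is not None:
            bound_ip, last_seen = bound
            if bound_ip != ip and now - last_seen < self.ttl:
                return False  # account is active elsewhere; do not refresh it
        self.sessions[user] = (ip, now)  # new, same-IP, or expired binding
        return True


def answer(table, line):
    """Handle one helper request line ("<user> <ip>") and return OK or ERR."""
    fields = line.split()
    if len(fields) != 2:
        return "ERR"  # malformed request: fail closed
    user, ip = fields
    # Case-folding the user name is an assumption about the directory in use.
    return "OK" if table.check(user.lower(), ip) else "ERR"


def main():
    table = SessionTable()
    for line in sys.stdin:
        sys.stdout.write(answer(table, line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply, so never buffer


if __name__ == "__main__":
    main()
```

The binding is by source IP, so two people behind the same NAT address look like one session. Squid also caches external ACL answers, so the idle timeout is only as precise as that cache lifetime.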
