Re: [squid-users] deny_info page with passing login

From: Rafal Zawierta <zawierta_at_gmail.com>
Date: Fri, 29 Apr 2011 09:28:33 +0200

>> Or maybe (it will simplify all) - is it some method to get %LOGIN from
>> headers sent by browser (as it was said before - I use
>> squid_kerb_auth). In such case I don't need to pass anything special
>> with deny_info.
>
> Yes that is the better way to do all this. You wont be passing username
> un-encrypted.
>
> Just generate the error page using a background auth check in the page
> script to lookup the username from the Proxy-Authentication header received.
> You could even use squid_kerb_auth to do the sub-check, all it does for
> Squid is take a copy of the header line and pass back the username on
> success and error message fail.

Hmm...
So for example user is redirected via deny_info to
http://mydenyserver.com/index.php

And my page in php will exec squid_kerb_auth to receive username? You
mean something like this?

>
>  This may help:
> http://wiki.squid-cache.org/Features/AddonHelpers#Negotiate_and_NTLM_Scheme
>
>  "KK $header_content" is what squid_kerb_auth accepts,
>  "AF $username" is the success reply,
>  "BH $message" is the failure reply.
>
> Amos
Received on Fri Apr 29 2011 - 07:28:39 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 29 2011 - 12:00:05 MDT