On 9/03/2012 6:16 p.m., Brett Lymn wrote:
> On Thu, Mar 08, 2012 at 10:37:01AM +1030, Brett Lymn wrote:
>> 1) The credentials being passed to the upstream are not rewritten - if I
>> decode the basic auth it has my real password going to the upstream.
>>
> And scratch this one too... if I use:
>
> cache_peer upstream.proxy parent 8080 7 login=*:password no-query default
>
> along with the external acl the username rewrite happens[1] so now the
> silly upstream logging actually works for both basic& kerberos
> authentication.
>
> [1] see line 1628 in http.cc - there is a check for peer_login == * and
> then it checks if there is an external ecl rewrite for the login
> details.
Just below it on line 1644 was the case I was referring to where the
username and password are set by the helper. But the * case will suit as
well.
>
> Thanks for the patience& help Amos - I got there in the end.
Huzzah for happy endings :)
Amos
Received on Fri Mar 09 2012 - 11:53:19 MST
This archive was generated by hypermail 2.2.0 : Fri Mar 09 2012 - 12:00:03 MST