Re: [squid-users] external acl code examples

From: E.S. Rosenberg <esr_at_g.jct.ac.il>
Date: Mon, 12 Mar 2012 11:38:57 +0200

So one thing that is not really clear to me: is the external acl script
running constantly and getting "sent" arguments on its stdin, or is
the script/program being called every time with the arguments you
define for it?
Thanks,
Eli

2012/2/29 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 29.02.2012 01:51, Erwann Pencreach wrote:
>>
>> Hi,
>>
>> I don't really understand the trick with the Id, but I'll have a look
>> at it
>
>
> It's a concurrency support. Allowing Squid to schedule more than one lookup
> at a time for the helper. You then add concurrency=N with some N value
> greater than 1 for the number of requests for Squid to queue.
>
>
>>
>> I wrote this script, because I wasn't able to get authentication
>> information from distant client or distant samba pdc (All tricks I have
>> found are for a configuration where Squid is on the same host as the
>> pdc). Password doesn't matter, but username is mandatory. When I have
>> username, I have some ldap checks to do, some whitelist and blacklist to
>> check.
>
>
> Something seems wrong there.
>
> For Squid lookup helpers to validate credentials the only requirement is
> that the backend accept validation requests from them. In the PDC case there
> may be some security around which servers are allowed to lookup user
> credentials, you need to ensure the Squid box (IP? security token?) is in
> that accepted set. It sounds to me like the default security at the PDC is
> for the localhost connections to be accepted, but not external servers.
>
> Certain of the Squid lookup helpers do need certain tools from Samba to be
> installed (ntlm_auth or winbind or smbclient) in order to run. But those
> tools are not the PDC, only other types of lookup helper.
>
>
> Amos
>
Received on Mon Mar 12 2012 - 09:39:05 MDT
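
Added example, not code from this thread or from the Squid project: a sketch of an external ACL helper written as a long-running process that reads one lookup per line on stdin and writes one OK/ERR reply per line, echoing the channel ID that Squid prepends when concurrency=N is set. It assumes the helper is configured with %LOGIN as its only format argument and that arguments arrive URL-escaped; the whitelist and blacklist names are constructed stand-ins for the LDAP checks mentioned above.

```python
#!/usr/bin/env python3
"""Sketch of a persistent Squid external ACL helper (added example)."""
import sys
from urllib.parse import unquote

# Constructed sample policy data; a real helper would query LDAP here.
WHITELIST = {"alice", "bob"}
BLACKLIST = {"mallory"}


def decide(username):
    """Return 'OK' or 'ERR' for one username (blacklist wins, default deny)."""
    if not username or username == "-" or username in BLACKLIST:
        return "ERR"
    return "OK" if username in WHITELIST else "ERR"


def handle_line(line, concurrent=True):
    """Turn one request line into one reply line (None if unanswerable)."""
    fields = line.split()
    prefix = ""
    if concurrent:
        # With concurrency enabled the first field is the channel ID,
        # which must be echoed at the start of the reply.
        if not fields:
            return None  # no channel ID to answer on
        prefix, fields = fields[0] + " ", fields[1:]
    # Assumption: the single argument (%LOGIN) is URL-escaped by Squid.
    username = unquote(fields[0]) if fields else ""
    return prefix + decide(username)


def serve(stdin=sys.stdin, stdout=sys.stdout, concurrent=True):
    """Stay alive for many lookups: read lines until Squid closes stdin."""
    for line in stdin:
        reply = handle_line(line, concurrent)
        if reply is not None:
            stdout.write(reply + "\n")
            stdout.flush()  # an unflushed reply leaves Squid waiting


if __name__ == "__main__":
    serve()
```
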