Sorry for the mixup on Squid versions. I'll be sure to upgrade to 2.5
ASAP - although I don't see that happening that soon.
I've written a perl script similar to the one referenced on Open2, but
it's a more general case (driver-based). The idea is to allow e-mail
based authentication as described on my original post, and allow each
"realm" to authenticate differently.
Currently only the LDAP driver is "completed" (haven't been able to test
SSL/TLS because of missing perl files that I've yet to find), and
works. BTW: If anyone would like to offer me a hand in fixing this I'd
be very grateful. The problem I run into is that 'randomize.al' is not
found on the includes, but it's not part of any RPM's that I can find -
and I'm reluctant to grab older implementations just to fill the gap.
I'm not a perl expert, so someone else will have to bash my head in on
the security holes that my script leaves (I'm sure there's many), as
well as my (more than likely) inefficient coding.
I see two additional drivers as being highly desireable:
External-Program and External-Pipe. The first one would invoke an
external program to execute each authentication (inefficient, but could
be useful). The second one would start the external process once and
pipe info to it just as squid would.
I've not worked on these much, and I'll probably have time for it until
the weekend.
Please look it over and send me your opinions.
The one drawback with this scheme is that it would NOT be possible to
have Squid be aware of the different realms - i.e., let users
authenticated on realm example-1.com through, but NOT users from
example-2.org. All the users would be generalized into one big
"authenticated users" group.
Best wishes, and thanks for your help!
On Wed, 2003-07-02 at 13:46, Henrik Nordstrom wrote:
> Search the Squid archives for Open2
-- =========================================================== * Diego Rivera * * * * "The Disease: Windows, the cure: Linux" * * * * E-mail: lrivera<AT>racsa<DOT>co<DOT>cr * * Replace: <AT>='@', <DOT>='.' * * * * GPG: BE59 5469 C696 C80D FF5C 5926 0B36 F8FF DA98 62AD * * GPG Public Key avaliable at: http://pgp.mit.edu * ===========================================================
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:49 MST