Re: [squid-users] Looking for authentication ideas

From: skinnyzaz <bradzazulak_at_gmail.com>
Date: Thu, 22 Oct 2009 08:55:25 -0700 (PDT)

Thanks I am going to check out (PWM) for sure! Looks very handy. I am going
to try to run it with my current Active Directory setup. But I have a
question about the Novell server as I have never used it before. I would
like to be able to stop people from logging into my squid server more than
once. Right now using AD it is possible for 2 different people to login to
squid at the same time using the same user name ans password. I heard a
rumor :) that if I was using a Novell database I would be able to stop
this..... is this true?

Matt Weisberg wrote:
>
>
> You might want to take a look at the open source Password Management
> servlets (PWM), http://developer.novell.com/wiki/index.php/Pwm
>
> It was originally written as a password self-service system for Novell
> eDirectory, but it has a New User registration system and it now works
> against AD as well.
>
> I've typically used it in Identity Management setups, but I have a
> customer using Squid with LDAP auth against Novell eDirectory and PWM
> for password self-service. It works quite well. There is a demo site
> here: http://pwmdemo.weisberg.net/pwm/
>
> It is written in Java and runs nicely under Tomcat.
>
> Novell is shutting down their forge site, so the application will be
> moving to Google's developer site soon (new name coming too since pwm
> is taken).
>
> Also, eDirectory might not be a bad auth source as Novell offers a
> free 250,000 object license for eDirectory:
> http://www.novell.com/products/edirectory/customer_license.htm
>
> Matt
>
> On Oct 21, 2009, at 7:21 PM, skinnyzaz wrote:
>
>>
>> Yes i realize that but it would be an internal site. Or I was also
>> trying to
>> figure out a way to have someone create a request then I authroize
>> it some
>> how. I was using AD for my squid authorization but i was having
>> trouble
>> creating the AD accounts password field via LDAP.....
>>
>>
>> Amos Jeffries-2 wrote:
>>>
>>> On Wed, 21 Oct 2009 14:24:30 -0700 (PDT), skinnyzaz
>>> <bradzazulak_at_gmail.com>
>>> wrote:
>>>> First I will let you know what I am trying to do. I am looking for
>>>> some
>>> way
>>>> to have users create there own user names and passwords from a
>>>> website
>>> of
>>>> some sort. And then have squid authenticate from the accounts
>>>> created
>>> from
>>>> the website. I have been looking for a couple months but am
>>>> starting to
>>> run
>>>> out of ideas. Does anyone have any idea of how this is possible?
>>>
>>> Your idea collapses into a simple case of: popup the auth login and
>>> accept
>>> anything that is entered.
>>>
>>> Squid bundles with fake authenticators for testing that does
>>> exactly that.
>>> For the older versions there is
>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly
>>>
>>>
>>> You seem to be stuck in the idea that having a auth popup alone makes
>>> things secure. The entire purpose of an authentication is to
>>> control who
>>> gets access. Allowing random people to add themselves anonymously
>>> is not a
>>> good idea.
>>>
>>> Amos
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Looking-for-authentication-ideas-tp26000513p26001776.html
>> Sent from the Squid - Users mailing list archive at Nabble.com.
>>
>
>
>

-- 
View this message in context: http://www.nabble.com/Looking-for-authentication-ideas-tp26000513p26012559.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Thu Oct 22 2009 - 15:55:28 MDT

This archive was generated by hypermail 2.2.0 : Fri Oct 23 2009 - 12:00:03 MDT