> -----Original Message----- > From: Duncan Reed [mailto:duncanreed@xxxxxxxxx] > Sent: Friday, July 15, 2005 2:56 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: cache_peer authentication? > > > Hi all > > I'm a relative newbie, so be gentle when I'm dumb! > > I have a child proxy looking after part of a > network, and I have it set that it directs all > requests to a parent. I don't want the individual > clients to authenticate to that child proxy. > > However, I do want the child proxy to authenticate to > the parent. I can see from the documents how one would > control access based on IP address. > Look into the cache_peer directives. Something like... cache_peer parent.example.com parent 3128 7 no-query login=marketing:secret ...would authenticate against the parent proxy using the above credentials for all requests (and not do ICP queries). > Is there a way to handle this with a username/password > pair, and furthermore, manage that u/p pair through an > external helper (so I could store the u/p in MySQL for > example)? Assuming that this is an extension of the "child authenticates for all" question above, in the parent's squid.conf if you add... acl marketing-proxy proxy_auth marketing ... you would have an acl (named "marketing-proxy") that would match the authentication used by the hypothetical child proxy above. As for using MySQL to store username/password combinations, that would be done by making (or finding) a program that takes in the information and spits out "OK" or "ERR". The squid.conf.default has more information. > > TIA > > Duncan Chris
