Search squid archive

Re: Squid Authentication Methods

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

Here is a solution that would work. You could call a custom script from your squid.conf e.g.

 auth_param basic program /etc/squid/my_custom_script.sh
 auth_param basic children 5
 auth_param basic realm Squidward Proxy
 auth_param basic credentialsttl 5 hours

My script goes something like this

   #!/bin/sh
   # read from stdin until EOF is received

   while read INP; do
# Use username and password to authenticate against AD domain number 1
   DOMAIN1=`echo $INP | /usr/lib/squid/ldap_auth ....(edited)

# User username and password to authenticate against AD domain number 2
   DOMAIN2=`echo $INP | /usr/lib/squid/ldap_auth ....(edited)

   # If username and password is correct for either domain, output "OK"
   if [ "$DOMAIN1" == "OK" ]; then
       echo "OK"
   elif [ "$DOMAIN2" == "OK" ]; then
       echo "OK"
   else
       echo "ERR"
   fi
   done

The above script authenticates against one domain, and if fails it tries the other domain. You could modify the second lookup in this script to check against a plaintext file instead of a 2nd domain. Instead of calling ldap_auth the 2nd time, call another custom script (call it plaintext_check.sh or something) that checks the username and password against a plaintext file and returns OK or ERR accordingly to the first script (above). Modify above line to call your 2nd script:
   DOMAIN2=`echo $INP | /usr/share/custom_scripts/plaintext_check.sh`

Non-standard, but you could get it to work if you can write shell scripts..
D.Radel.

----- Original Message ----- From: "Mark Elsen" <mark.elsen@xxxxxxxxx>
To: "Paolo Biancolli" <paolob@xxxxxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Wednesday, January 11, 2006 10:09 PM
Subject: Re:  Squid Authentication Methods


Hi all,

Is it possible to authenticate using a flat text file as well as using MS Active Directory? We are currently rolling out AD and may need to have 2
different authentication methods.


I presume "as well" means that  if the user is not in AD,look it up
in the flat tx file.
It doesn´t x work that way.When both schemes are configured , the
browser will use the strongest auth. scheme as a SINGLE source for
the current auth. request.

M.

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux