Hi,
Was hoping to get some help passing usernames from an external acl to a
cache peer. My situation is squid -> dansguardian -> squid. First
squid for making ident queries and applying some acl's we have in place
(quota limits, identification required etc) which then needs to pass the
username from the ident query to dansguardian so that users can be put
into filter groups. Staff vs Students. Dansguardian does not need to
pass the ident any further, the final squid services all connections
from the first squid machine only.
I found a post on this mailing list with the same subject which
contained a patch for 2.5-STABLE10
(http://www.squid-cache.org/mail-archive/squid-users/200506/0168.html)
and have attempted to incorporate it into the 2.5-STABLE12 source I am
building from, but my knowledge is a little lacking in the programming
department so I have no idea whats gone wrong. It appears to be trying
to pass something but it is showing up as empty in the username field.
Not the usual hyphen - when a username is not passed.
Viewing the headers with the patch from this list applied shows that it
is sending through
Proxy-Authorization: Basic OnBhc3N3b3Jk
with OnBhc3N3b3Jk decoded to :password which is what my cache_peer line
tells it to try and do. login=*:password. So the username variable is
not being filled with the ident request but is being filled by an empty
string (not null).
acl identrequired ident REQUIRED
acl blocklist ident "/etc/squid/blocked-users.lst"
acl exceededquota ident "/etc/squid/user-limit.lst"
acl staffusers ident "/etc/squid/staff.lst"
acl adminusers ident "/etc/squid/admin.lst"
http_access allow specialcases
http_access allow adminusers
http_access allow staffusers
http_access deny blocklist
http_access deny exceededquota
http_access allow identrequired
http_access deny all
cache_peer 127.0.0.1 parent 8081 0 no-query login=*:password
Any assistance in getting ident usernames to Dansguardian would be
greatly appreciated.
Thanks
Russell
Network Manager SSSC
