Search squid archive

Passing username from external acl to cache peer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Was hoping to get some help passing usernames from an external acl to a cache peer. My situation is squid -> dansguardian -> squid. First squid for making ident queries and applying some acl's we have in place (quota limits, identification required etc) which then needs to pass the username from the ident query to dansguardian so that users can be put into filter groups. Staff vs Students. Dansguardian does not need to pass the ident any further, the final squid services all connections from the first squid machine only.

I found a post on this mailing list with the same subject which contained a patch for 2.5-STABLE10 (http://www.squid-cache.org/mail-archive/squid-users/200506/0168.html) and have attempted to incorporate it into the 2.5-STABLE12 source I am building from, but my knowledge is a little lacking in the programming department so I have no idea whats gone wrong. It appears to be trying to pass something but it is showing up as empty in the username field. Not the usual hyphen - when a username is not passed.

Viewing the headers with the patch from this list applied shows that it is sending through
Proxy-Authorization: Basic OnBhc3N3b3Jk
with OnBhc3N3b3Jk decoded to :password which is what my cache_peer line tells it to try and do. login=*:password. So the username variable is not being filled with the ident request but is being filled by an empty string (not null).

acl identrequired ident REQUIRED
acl blocklist ident "/etc/squid/blocked-users.lst"
acl exceededquota ident "/etc/squid/user-limit.lst"
acl staffusers ident "/etc/squid/staff.lst"
acl adminusers ident "/etc/squid/admin.lst"
http_access allow specialcases
http_access allow adminusers
http_access allow staffusers
http_access deny blocklist
http_access deny exceededquota
http_access allow identrequired
http_access deny all

cache_peer 127.0.0.1 parent 8081 0 no-query login=*:password


Any assistance in getting ident usernames to Dansguardian would be greatly appreciated.

Thanks

Russell

Network Manager SSSC

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux