Search squid archive

external_acl_type (%LOGIN %EXT_USER %{Proxy-Authorization}) NTLM vs Basic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear Squid users.

I've wrote a external ACL helper in perl connecting to a database to
check if a authenticated users is still within his/her quota.

Currently it's 2 separate perl scripts one for basic authentication and
the other for NTLM.

For the basic external helper I pass the %{Proxy-Authorization} format
to the script.
Then base64 decode it to get the value of the ALREADY authenticated
user. This external ACL helper will only work if the user was
authenticated from a previously called auth helper. So why don't I pass
%LOGIN to the script ? Because if I pass %LOGIN squid will automatically
think it's an external auth helper which in this case it's not. It will
still work but squid will infinitely prompt the user on a ERR return
from the helper. Only when the user press cancel he/she will get my
custom err page which say "QUOTA EXCEEDED". This is not a good idea
because the user will think it's the authentication that failed and not
the quota.

For NTLM authentication I can not afford to pass the
%{Proxy-Authorization} to the script because it will take way to much
resources to decode it :-) I can't pass %LOGIN because of the same
behavior as the above problem with basic authentication.

I've seen that squid 3 stable 18 does have additional formats for
external helpers.
I thought %EXT_USER will do the trick but that will only have a value if
the external auth help return OK user=.

So my question is how do I get the value of a already NTLM authenticated
user to be pass to my external acl helper ? Without using %LOGIN and
still make use of the buildin NTLM auth helper, or if I can disable the
infinite prompt behavior when passing %LOGIN will also do.

A simple example.
external_acl_type InQuota %{???????} in_quota.pl

Regards
Bartel Viljoen

-----------------------------------------------------------------
Network & Computing Consultants
Tel: 0861-555444  |  Fax: 0861-555445
http://www.ncc.co.za

This e-mail is subjected to a disclaimer that can be viewed at:
http://www.ncc.co.za/legal/email-disclaimer.html

Email Managed by MailXServer  - http://www.mailxserver.com
-----------------------------------------------------------------
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux