I wish there was a simple answer, but it really doesn't matter what
directory you use, you won't be able to do that via LDAP auth. Squid
would have to maintain some sort of session table and prevent the
second authentication, which I'm pretty sure it doesn't today.
So the answer to your question is no, that is not true when doing LDAP
authentication against Novell eDirectory unfortunately (using a Novell
Client over an NCP connection you can limit concurrent logins).
Matt
On Oct 22, 2009, at 11:55 AM, skinnyzaz wrote:
Thanks I am going to check out (PWM) for sure! Looks very handy. I
am going
to try to run it with my current Active Directory setup. But I have a
question about the Novell server as I have never used it before. I
would
like to be able to stop people from logging into my squid server
more than
once. Right now using AD it is possible for 2 different people to
login to
squid at the same time using the same user name ans password. I
heard a
rumor :) that if I was using a Novell database I would be able to stop
this..... is this true?
Matt Weisberg wrote:
You might want to take a look at the open source Password Management
servlets (PWM), http://developer.novell.com/wiki/index.php/Pwm
It was originally written as a password self-service system for
Novell
eDirectory, but it has a New User registration system and it now
works
against AD as well.
I've typically used it in Identity Management setups, but I have a
customer using Squid with LDAP auth against Novell eDirectory and PWM
for password self-service. It works quite well. There is a demo
site
here: http://pwmdemo.weisberg.net/pwm/
It is written in Java and runs nicely under Tomcat.
Novell is shutting down their forge site, so the application will be
moving to Google's developer site soon (new name coming too since pwm
is taken).
Also, eDirectory might not be a bad auth source as Novell offers a
free 250,000 object license for eDirectory:
http://www.novell.com/products/edirectory/customer_license.htm
Matt
On Oct 21, 2009, at 7:21 PM, skinnyzaz wrote:
Yes i realize that but it would be an internal site. Or I was also
trying to
figure out a way to have someone create a request then I authroize
it some
how. I was using AD for my squid authorization but i was having
trouble
creating the AD accounts password field via LDAP.....
Amos Jeffries-2 wrote:
On Wed, 21 Oct 2009 14:24:30 -0700 (PDT), skinnyzaz
<bradzazulak@xxxxxxxxx>
wrote:
First I will let you know what I am trying to do. I am looking for
some
way
to have users create there own user names and passwords from a
website
of
some sort. And then have squid authenticate from the accounts
created
from
the website. I have been looking for a couple months but am
starting to
run
out of ideas. Does anyone have any idea of how this is possible?
Your idea collapses into a simple case of: popup the auth login and
accept
anything that is entered.
Squid bundles with fake authenticators for testing that does
exactly that.
For the older versions there is
http://wiki.squid-cache.org/ConfigExamples/Authenticate/LoggingOnly
You seem to be stuck in the idea that having a auth popup alone
makes
things secure. The entire purpose of an authentication is to
control who
gets access. Allowing random people to add themselves anonymously
is not a
good idea.
Amos
--
View this message in context:
http://www.nabble.com/Looking-for-authentication-ideas-tp26000513p26001776.html
Sent from the Squid - Users mailing list archive at Nabble.com.
--
View this message in context: http://www.nabble.com/Looking-for-authentication-ideas-tp26000513p26012559.html
Sent from the Squid - Users mailing list archive at Nabble.com.
