On 28/02/2012 9:07 p.m., Erwann Pencreach wrote:
> Hi all,
> here is what I've done in squid.conf:
> external_acl_type loggeduser children=15 %DST %SRC /etc/squid3/squid.d/loggeduser_acl.sh
> acl isok external loggeduser
> http_access allow isok

If you add an ID you can use concurrency to reduce process overheads.

> and here is loggeduser_acl.sh script:
> while read dst srchost;

while read id dst srchost;

> do
> date=$(date +"%d/%m/%Y %H:%M:%S")
> authuser=$(command to get logged user on client host)
> if [ ! $(echo $authuser | wc -w) -eq 1 ]
> then
> echo "[KO] number of connected user differs from 1 $srchost $dst" >> /var/log/squid3/extacl.log
> echo "ERR"

echo "${id} ERR"

> else
> isok=$(the I check my access right)
> if [ $isok ]
> then
> echo "[OK]$date $authuser($accountstatus) $srchost $dst" >> /var/log/squid3/headers.log
> echo "OK user=$authuser"

echo "${id} OK user=${authuser}"

> else
> echo "[KO]$date $authuser($accountstatus) $srchost $dst" >> /var/log/squid3/headers.log
> echo "ERR user=$authuser"

echo "${id} ERR user=${authuser}"
# NOTE: do you actually have authuser at this point?

> fi
> fi
> done
> exit 1

The question that comes to my mind here is what backend you are
intending to use this with? what authentication database/system needs
you to write a whole new helper?
Amos
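
The concurrency change suggested in the reply above, as an added example that is not code from either poster: a helper that echoes the channel ID on every reply and only puts a single, safely formed user name into the reply line. The `concurrency=10` value, the `lookup_user` and `user_allowed` functions, and all addresses and names are hypothetical stand-ins for the site-specific commands elided in the thread.

```shell
#!/bin/sh
# Added example, not the script from the thread.
# Assumed squid.conf line (the concurrency= value is an assumption):
#   external_acl_type loggeduser concurrency=10 children=15 %DST %SRC /etc/squid3/squid.d/loggeduser_acl.sh

# Hypothetical stand-in for "command to get logged user on client host".
lookup_user() {
    case "$1" in
        192.0.2.10) echo "alice" ;;       # constructed sample data
        192.0.2.11) echo "bob carol" ;;   # two users on one host
        *) : ;;                           # nobody logged in
    esac
}

# Hypothetical stand-in for the access-right check.
user_allowed() {
    [ "$1" = "alice" ] && [ "$2" != "blocked.example" ]
}

# Print the reply for one request; the channel ID leads every reply.
answer() {
    id=$1 dst=$2 src=$3
    user=$(lookup_user "$src")
    # Require exactly one name made of safe characters, so nothing
    # looked up on the client can add extra words to the reply line.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) echo "$id ERR"; return 0 ;;
    esac
    if user_allowed "$user" "$dst"; then
        echo "$id OK user=$user"
    else
        echo "$id ERR user=$user"
    fi
}

# Helper loop: read -r keeps backslashes in %DST literal; the trailing
# "_" absorbs any unexpected extra fields.
serve() {
    while read -r id dst src _; do
        answer "$id" "$dst" "$src"
    done
}

# Constructed sample requests; a deployed helper would call just "serve".
printf '%s\n' '0 example.com 192.0.2.10' '1 example.com 192.0.2.11' \
    '2 blocked.example 192.0.2.10' | serve
```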