On 02.03.2012 00:06, Michael Hendrie wrote:
On 01/03/2012, at 7:32 PM, Amos Jeffries wrote:
On 01.03.2012 18:06, Brett Lymn wrote:
On Thu, Mar 01, 2012 at 03:17:43PM +1030, Michael Hendrie wrote:
<snip>
I'm reluctant to add the header because the data is already
transmitted in the authentication headers.
Squid does have a little issue automatically mapping
Kerberos/NTLM/Digest usernames into a Basic auth because we cannot
easily be sure if a fake password is acceptable or a real one needed by
the upstream. I'm quite happy to accept patches which add that mapping
ability to Squid in a secure way.
NP: an external_acl_type helper can return the key-pairs "user=X
password=Y" (both needed to do this) to associate some credentials to
the request. These are available to login=PASS for relay upstream in
the Basic auth format.
I would also like to see a feature for "insert_user_defined_header"
not only of X-Authenticated-User but would be useful for other web
apps I've come across (Google and YouTube) using non-standard HTTP
headers that I've had to create patches for... see the following
URLs:
http://support.google.com/a/bin/answer.py?hl=en&answer=1668854
http://support.google.com/youtube/bin/answer.py?hl=en&answer=1686318
You really want to trust a tutorial which begins with "Enable SSL
interception on the proxy server."?
There really is no need for a proxy to use write-access to headers and
client requests. The servers have PICS labeling or other newer rating
systems available that the proxy can read and enforce site-wide policy
for far easier.
http://vancouver-webpages.com/PICS/HOWTO.html#tools
Too many different sized wheels on that old cart.
If there were a code submission to the dev mailing list would these get
looked at or is there no chance of an "insert_user_defined_header"
feature being included?
Looked at, yes. Argued over, probably. Accepted, depends on how the
audit and voting process goes. We are very democratic.
Personally I'm against the nasty uses naive people put it to without
considering the consequences more than the feature itself. Adding it is
the top of a slippery slope of feature requests we have managed to
mostly avoid so far.
Amos
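
Added example, not part of the original thread or of Squid's own code: a minimal external_acl_type helper that returns the "user=X password=Y" key-pairs mentioned above so that login=PASS can relay them upstream. The squid.conf lines, helper path, peer name and credential table are hypothetical, and the sketch assumes no helper concurrency and percent-encoded values.

```python
#!/usr/bin/env python3
"""Sketch of a Squid external_acl_type helper that answers with user=/password=.

Assumed squid.conf wiring (names and paths are hypothetical):
    external_acl_type upstream_creds %LOGIN /usr/local/bin/upstream_creds.py
    acl have_creds external upstream_creds
    cache_peer parent.example.net parent 3128 0 login=PASS
Assumes no helper concurrency, so each request line holds only the
percent-encoded %LOGIN value.
"""
import sys
from urllib.parse import quote, unquote

# Constructed sample mapping: proxy login -> (upstream user, upstream password).
# A real deployment would read this from a protected store, not source code.
UPSTREAM_CREDS = {
    "alice@EXAMPLE.COM": ("alice", "constructed-secret-1"),
    "bob": ("bob", "constructed-secret-2"),
}


def handle_line(line, creds=UPSTREAM_CREDS):
    """Return the helper reply for one request line from Squid."""
    fields = line.split()
    if len(fields) != 1:
        return "ERR"  # unexpected token count: refuse rather than guess
    login = unquote(fields[0])
    if login == "-" or login not in creds:
        return "ERR"  # unauthenticated or unmapped user gets no credentials
    user, password = creds[login]
    # Percent-encode so spaces or '=' in a value cannot split the reply
    # into extra key-pairs (encoding choice is an assumption of this sketch).
    return "OK user=%s password=%s" % (quote(user, safe=""), quote(password, safe=""))


def main():
    for line in sys.stdin:  # Squid keeps the helper running and feeds it lines
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # replies must not sit in a buffer


if __name__ == "__main__":
    main()
```

The helper fails closed: any login it cannot map gets ERR, so no credentials are attached to that request.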