On 07.03.2012 14:23, Brett Lymn wrote:
Following up on myself...
On Fri, Mar 02, 2012 at 01:59:27PM +1030, Brett Lymn wrote:
At the moment I am looking at setting up a LDAP proxy for the
upstream
to query and then use login=*:password in squid. This should allow
me
to make the upstream proxy believe it is authenticating so that it
has
the username it wants.
OK, I have good news/bad news about this approach. The good news is
with
the help of:
[ snip the bad news :( ]
So, it seems that I need to strip the username back to just a bare
name.
From what Amos said earlier it seems I can do this with an external
acl, if I use this acl will the username be available for login=*? or
do
I need to use login=PASS? If I use login=PASS will I still get
authentication on squid as well? (I really need squid to auth the
client) or is there another way I can mangle the username to my
needs?
cache_peer option of "login=PASS", with the external_acl_type helper
returning values in both user= and password= parameters.
Amos
