On 9/03/2012 6:16 p.m., Brett Lymn wrote:
On Thu, Mar 08, 2012 at 10:37:01AM +1030, Brett Lymn wrote:
1) The credentials being passed to the upstream are not rewritten - if I
decode the basic auth it has my real password going to the upstream.
And scratch this one too... if I use:
cache_peer upstream.proxy parent 8080 7 login=*:password no-query default
along with the external acl the username rewrite happens[1] so now the
silly upstream logging actually works for both basic& kerberos
authentication.
[1] see line 1628 in http.cc - there is a check for peer_login == * and
then it checks if there is an external ecl rewrite for the login
details.
Just below it on line 1644 was the case I was referring to where the
username and password are set by the helper. But the * case will suit as
well.
Thanks for the patience& help Amos - I got there in the end.
Huzzah for happy endings :)
Amos
