On 19/11/2014 12:30 a.m., schinken wrote:
> Hi there,
>
> I'm currently trying to do authentication against LDAP and NCSA
> auth - but it looks like the user is never checked against NCSA if
> auth against LDAP failed (because the user doesn't exist):
>
>> auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "dc=COMPANY,dc=int" -D squid@xxxxxxxxxxx -W /etc/squid3/ldappass.txt -f sAMAccountName=%s -h ldap.company.int
>> auth_param basic children 100
>> auth_param basic realm Internet Proxy
>> auth_param basic credentialsttl 5 minute
>>
>> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
>> auth_param basic realm Internet Proxy Basic
>>
>> acl auth proxy_auth REQUIRED
>
> If I try ncsa auth manually, it works:
>
>> root@proxy:~# /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
>> nikola testla
>> OK
>
> The same is true for LDAP auth. But I can't get a fallback working.
> How could I solve this?

Two points:

1) Squid does not do authentication. What it does do is send credentials to a helper and use the OK/ERR response that comes back to determine whether to serve the client request. That is all.

2) Each authentication scheme may only have one helper queried. Its answer is absolute regarding the validity of the credentials sent to it.

Since you decided to write your own authentication system {check against A, if ERR check against B} you also need to write a helper that can do the authentication using that system logic.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
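A sketch of the single chained helper the reply calls for, as an added example that is not part of the original thread or of Squid itself: it starts both existing helpers as children, forwards each credentials line to the first and, on anything other than OK, to the second. The names `Helper`, `split_commands` and `check`, and the `--` separator between the two helper command lines, are assumptions of this example.

```python
#!/usr/bin/env python3
# Added example: chain two Squid Basic-auth helpers behind one helper process.
import subprocess
import sys

class Helper:
    """One long-running child helper speaking Squid's OK/ERR line protocol."""
    def __init__(self, argv):
        self.proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                                     stdout=subprocess.PIPE, text=True, bufsize=1)

    def ask(self, line):
        try:
            self.proc.stdin.write(line + "\n")
            self.proc.stdin.flush()
            reply = self.proc.stdout.readline()
        except OSError:          # child died: treat as a failed login
            return False
        # Replies may carry extra key=value pairs; only the first token decides.
        return reply.split(" ", 1)[0].strip() == "OK"

def split_commands(argv):
    """Split 'cmdA args -- cmdB args' into one argv list per helper."""
    cmds, cur = [], []
    for arg in argv + ["--"]:
        if arg != "--":
            cur.append(arg)
        elif cur:
            cmds.append(cur)
            cur = []
    return cmds

def check(line, helpers):
    """True if any helper, tried in order, answers OK for 'user password'."""
    # Squid escapes both fields, so a valid request has exactly two tokens.
    # Note: on ERR the same password is also presented to the next backend.
    return len(line.split()) == 2 and any(h.ask(line) for h in helpers)

def main():
    helpers = [Helper(cmd) for cmd in split_commands(sys.argv[1:])]
    for line in sys.stdin:
        ok = check(line.rstrip("\r\n"), helpers)
        sys.stdout.write("OK\n" if ok else "ERR\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```

squid.conf would then carry a single `auth_param basic program` line pointing at this wrapper, followed by the LDAP helper command, `--`, and the NCSA helper command. A helper that has exited counts as ERR, so a dead backend never grants access.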