On 10/03/2017 3:23 a.m., Hareesh wrote: > Hi > > I have a query related to the option Login=PASS in cache-peer. The > documentation mentions the following. > > login=PASS Send login details received from client to this peer. > Authentication is not required by this option. > > *If there are no client-provided authentication headers > to pass on, but username and password are available > from an external ACL user= and password= result tags > they may be sent instead.* > > I want to understand what do they exactly mean by the text given *bold*? > Where and how can the user and password be given as acls. > > Can some one please shed some light with possible example? > The usual purpose of external-ACL helper (external_acl_type) is to do authorization (allowed/denied) checks (*not* authentication!!). But it can also do out-of-band processing on what it gets given (eg Cookie header, or WWW-Auth* header with custom scheme type, or IP and IDENT values) and send back a response like "OK user=blah password=hello". If there is no authenticated HTTP-auth login credentials for the request these external-ACL provided credentials may be used to fulfill the login=PASS requirement of delivering a Basic authentication header to the peer. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
