For everyone who asked (about 30 of you. I've just gotten back from a
business trip, and I don't have enough time to find all your addresses):
http://www2.simegen.com/~dancer/patches/ipauth.patch
There are two new compile-time switches:
-DAUTH_WITH_IP=1 and -DUSERDATA_FROM_AUTHENTICATOR=1
(You will have to set these in the Makefile yourself)
If you set AUTH_WITH_IP, then squid will add the client's IP address as
a third argument to the authenticator program:
(ie: Instead of 'j.bloggs xyzzy', the authenticator will get 'j.bloggs
xyzzy 192.168.1.117')
This function disables the internal authentication cache in squid, so be
sure your authenticator has some kind of limited caching if it has to
commune with a slower server to do it's job.
If you USERDATA_FROM_AUTHENTICATOR then you can (optionally) return a
string after OK or ERR to log instead of the username that the user
supplied for authentication:
Eg: You can return:
ERR j.bloggs/(bad-password)
..and you'll get that in the logs.
Alternatively, you can return things like:
OK admin/random.q.hacker
or,
OK external-customer/john.network
or just about anything else you want.
My time to do technical assistance on this is LIMITED, so I'm just
asking one small thing: MAKE SURE YOU KNOW WHAT YOU ARE DOING BEFORE YOU
EVEN THINK ABOUT APPLYING THIS PATCH!
(Is that too much to ask?)
D
Received on Fri Jul 30 1999 - 00:02:08 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:38 MST