Re: Squid authentication
From: Skylar Thompson (skylar_at_os2.dhs.org)
Date: 07/07/04
- Next message: Michael Heiming: "Re: GnuPGP"
- Previous message: Michael Heiming: "Re: Squid authentication"
- In reply to: Fabricio Greco: "Squid authentication"
Date: Wed, 07 Jul 2004 15:59:58 GMT
On 6 Jul 2004 12:13:58 -0700, Fabricio Greco <fabricio.greco@edag.com.br> wrote:
> Hello Guys,
> I am user of Squid2.2 and I have setup it to work with ncsa
> authentication schema. Now I would like to change it, I don't want the
> user type a login and password to access the internet, I want to
> validate the user through the login that he or she is using on the
> Windows and Unix systems. At my Company we have a mixed environment
> with UNIX-Solaris and PC-W2k systems.
> I don't want the user spend his or her time trying to store another
> login/password.
> I was trying to setup the acl ident in squid , but I was not
> successful.
> Please, can anyone give me any idea to setup it?
We use a Python script that queries our IMAP server to get its
authentication info. Works great for us.
Here are the entries in our squid.conf for authentication:
===
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/local/bin/squidauth.py
===
And here's the script we use:
===
#!/usr/bin/env python
from imaplib import IMAP4
import sys
#IMAP server against which we authenticate
server="imap.cs.earlham.edu"
#Port number for IMAP server. Usually 143
port=143
#Below here you shouldn't need to edit anything
while 1:
    #Read one request from stdin. An empty read means Squid closed the pipe
    line=sys.stdin.readline()
    if not line:
        break
    #Remove the newline, split at the first space and assign to the user
    #and password variables
    try:
        [user,password]=line.rstrip('\n').split(' ',1)
    except ValueError:
        #No space in the request: deny access instead of crashing
        sys.stdout.write("ERR\n")
        sys.stdout.flush()
        continue
    #Connect to the IMAP server and try to authenticate.
    #If either step doesn't work, it throws an exception
    try:
        p=IMAP4(server,port)
        try:
            p.login(user,password)
        finally:
            #Always close the IMAP connection so they don't pile up
            p.logout()
    except Exception:
        #If it threw an exception, log in cache.log the auth booboo
        sys.stderr.write("ERR authenticating %s\n"%user)
        #Then deny access
        sys.stdout.write("ERR\n")
        #IMPORTANT!!!!!!!!!!!! Flush stdout
        sys.stdout.flush()
        continue
    #If it didn't throw exceptions, that means it authenticated
    #Log success to cache.log
    sys.stderr.write("OK authenticated %s\n"%user)
    #Then allow access
    sys.stdout.write("OK\n")
    sys.stdout.flush()
===
You'll just have to change the IMAP server to your own IMAP server, and
you're good to go.
-- -- Skylar Thompson (skylar@cs.earlham.edu) -- http://www.cs.earlham.edu/~skylar/
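Added example, not part of the original post or its script: the same stdin/stdout helper loop with the IMAP check made over certificate-verified TLS (port 993) so the proxy password does not cross the network in cleartext, and with request parsing that fails closed. The host name `imap.example.org`, the function names, and the URL-escaping of the request fields are assumptions; check the escaping against your Squid version.

```python
#!/usr/bin/env python3
import imaplib
import socket
import ssl
import sys
from urllib.parse import unquote

IMAP_HOST = "imap.example.org"  # placeholder host, not from the original post
IMAP_PORT = 993                 # IMAP over implicit TLS

def parse_request(line):
    """Return (user, password) from one helper request line, or None if malformed."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return None
    # Assumption: Squid URL-escapes both fields, so a space arrives as %20.
    user, password = unquote(parts[0]), unquote(parts[1])
    # Fail closed on empty fields and on control characters (e.g. a decoded
    # CR/LF), which must never reach the IMAP LOGIN command.
    if not user or not password:
        return None
    if any(ord(c) < 32 or ord(c) == 127 for c in user + password):
        return None
    return user, password

def imap_check(user, password):
    """True only if the IMAP server accepts the login over verified TLS."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    try:
        conn = imaplib.IMAP4_SSL(IMAP_HOST, IMAP_PORT, ssl_context=ctx)
        try:
            conn.login(user, password)
            return True
        finally:
            conn.logout()
    except (OSError, ValueError, imaplib.IMAP4.error):
        return False  # network, TLS, encoding or credential failure: deny

def handle_line(line, check=imap_check):
    """Map one request line to the reply Squid expects: 'OK' or 'ERR'."""
    creds = parse_request(line)
    return "OK" if creds and check(*creds) else "ERR"

def main():
    socket.setdefaulttimeout(10)  # a hung IMAP server must not stall the helper
    for line in iter(sys.stdin.readline, ""):  # "" means Squid closed stdin
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply, so never buffer it

if __name__ == "__main__":
    main()
```

The helper writes nothing about the password to stderr, so it never ends up in cache.log.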