Robert Marcano wrote:
Greetings.
I am interested in developing features for squid that are currently
needed in our installations, related with LDAP and authentication
integration and content filtering (ICAP). I have being able to add the
feature of forwarding the current authenticated to the next proxy in the
chain, primarily because Squid is doing the Kerberos authentication and
the next proxy needs that info to execute another actions (I will follow
this introduction with other email with the explanation of the needs and
the implementation)
Welcome aboard.
You may already have seen these, but just in case.
Basic Reference on the tools needed to work with Squid code as a
developer and links to other useful developer information:
http://wiki.squid-cache.org/DeveloperResources
Documentation on the patch submission process how-to and what to expect:
http://wiki.squid-cache.org/MergeProcedure
Another area I want to make a few contributions are:
- Capability to advertise different auth methods based on the request,
for example, restrict to NTLM and Negotiate only to browser and never
tell them that basic auth is allowed (IE still tries with basic even
when NTLM auth is ok but acl restricted the request), I want to avoid
people using basic for the browser. but still allow the usage of basic
auth for certain acl verified requests (user agent, ip, etc)
Great. The bug 2305 shuffling has been submitted for audit now. An
auth_param ACL option should be relatively easy to implement on top of
those changes once committed.
The specs for this so far are to create a way to configure:
auth_param X filter acl [acl] ...
or similar.
- Make tcp_outgoing_address be able to use an interface name and not
only a fixed ip address, this solve a problem we have with some setups
where we allow to acces to the internet with a dedicated ISP for a group
of users, and that ISP is using a dynamic ip (we currently solve this
with a scripting hack regenerating the configuration file)
tcp_outgoing_address is absolutely not the right place for this. A
separate tcp_outgoing_interface will be needed at minimum.
I'm interested in hearing how you propose to make this work.
You will face the problems of:
* how to identify the kernel ID of the interface name configured.
* how to pass the interface ID back using the socket API.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.1
