Is there a way for me to redirect to a specific URL if the user's password is "blank" ?? You suggested using an external ACL to block users with an expired password. Here's how I'm expiring passwords, since I'm using the NCSA helper:
When I create a user, it dumps a username, a 'tab' and an expiration date to a file called "expired". I have an agent that runs on a regular basis that watches the expired file. The agent checks the file by grepping for today via a pre formatted date. If anything returns from the grep expression, it removes the password from the user's entry in the password file. A null password is assumed expired. Now. How can I tell squid, that if the user exists, but doesn't have a password set, to redirect that user to a specific URL? ie: http://proxycache/cgi-bin/chpasswd.cgi Is this possible? Is this what you were suggesting? If not, is there some in-depth documentation on how the helpers work and should I use a different helper? I appreciate your patience with me. :-) Tim Henrik Nordstrom <[EMAIL PROTECTED]> 01/14/2004 05:17 PM To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Authentication On Wed, 14 Jan 2004 [EMAIL PROTECTED] wrote: > Using basic_auth with htpasswd files and would like to know if there's a > way to: > 1.) Expire passwords in squid, somehow. Only if your helper supports password expiry. The NCSA helper does not, but should be trivial to add. You can also have something deleting expired users from the active password file. My gut feeling is that this is best implemented via an external ACL (with very short negative ttl), blocking users with expired password access sending them to a change password page instead. It is also possible to make use of the message string from the authentication helper to indicate that the password has expired but this is less obvious to the users. > 2.) Allow the users to change their passwords. This has to be done via other means than Squid as HTTP does not have a "Change password" method. See the Squid FAQ for some suggestions on how this can be done. Regards Henrik
