Sander, Andreas wrote:
Hello,
I am using Squid 2.7Stable6. I have an external helper that shall
obfuscate the authenticating user for a cache_peer. Unfortuantely this
does not work in any condition:
Lets take an example where my helper returns:
OK user=hello password=world
Example 1:
auth_param ...
external_acl_type groupbuilder children=1 %SRC %DST
C:\temp\helper\Debug\helper.exe
acl special external groupbuilder
http_access allow special
cache_peer 192.168.1.101 parent 3128 7 no-query default login=PASS
In this example the user "hello" is used for authentication when passing
the request to "192.168.1.101". Unfortunately the user is not
authenticated.
Example 2:
auth_param ...
external_acl_type groupbuilder children=1 %LOGIN %SRC %DST
C:\temp\helper\Debug\helper.exe
acl special external groupbuilder
http_access allow special
cache_peer 192.168.1.101 parent 3128 7 no-query default login=PASS
In this example, always the authenticating user, which is authenticated
by "auth_param" is passed to "192.168.1.101". The result of the external
helper is ignored.
What can I do to modify a login name by an external helper?
You cannot.
login=PROXYPASS simply passes the authentication headers the client sent
without changing.
login=PASS does the above, but when the client did not send any such
header it may _add_ a Basic auth header using the external helper details.
login=<username>:<password> does not pass anything, it uses the values
from squid.conf on every request.
login=*:<password> passes the client-given username through but replaces
the password with the one in squid.conf on every request.
This is the total of the login= features available in Squid 3.1 and older.
Squid-3.2 is currently open for new features. If you can specify your
requirements in detail and why the above features don't cover them
please send to squid-...@squid-cache.org
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
Current Beta Squid 3.1.0.13
