Date:      Tue, 19 Jan 1999 14:59:23 +0000
From:      Tony Finch <dot@dotat.at>
To:        isp@FreeBSD.ORG
Subject:   Re: Squid -2
Message-ID:  <E102ccl-00023f-00@fanf.noc.demon.net>
In-Reply-To: <36A489F1.30CE5A96@basspro.com>
References:  <XFMail.990118233154.nicole@nmhtech.com>

Troy Kittrell <troyk@basspro.com> wrote:
>
>Sure...very easy...and I've already looked at ways to create this from
>a Domino/LDAP server. But I would *rather* authenticate directly from
>the source of the user lists.

In addition to password file authentication, Squid can do proxy
authentication via a collection of helper processes. You could
write a simple one in perl, say, to do the required LDAP lookup.

The most useful documentation on Squid's detailed capabilities is the
comments in the configuration file, built from src/cf.data.pre. This
includes:

authenticate_program
	Specify the command for the external authenticator.  Such a
	program reads a line containing "username password" and replies
	"OK" or "ERR" in an endless loop.  If you use an authenticator,
	make sure you have 1 acl of type proxy_auth.  By default, the
	authenticator_program is not used.

	If you want to use the traditional proxy authentication,
	jump over to the ../auth_modules/NCSA directory and
	type:
		% make
		% make install

	Then, set this line to something like

	authenticate_program @DEFAULT_PREFIX@/bin/ncsa_auth @DEFAULT_PREFIX@/etc/passwd

authenticate_children
	The number of authenticator processes to spawn (default 5). If you
	start too few Squid will have to wait for them to process a backlog
	of usercode/password verifications, slowing it down. When password
	verifications are done via a (slow) network you are likely to need
	lots of authenticator processes.

authenticate_ttl
	The time a checked username/password combination remains cached
	(default 3600). If a wrong password is given for a cached user,
	the user gets removed from the username/password cache forcing
	a revalidation.

Tony.
-- 
f.a.n.finch  dot@dotat.at  fanf@demon.net
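
The helper protocol from the quoted authenticate_program comment, as an added example that is not part of the original message or of Squid's own code (written in Python rather than the Perl suggested above). The USERS table and its password are constructed sample data standing in for the LDAP lookup, and splitting the request at the first space is an assumption about the line format.

```python
#!/usr/bin/env python3
"""Added example: an authenticate_program helper speaking the OK/ERR line protocol."""
import hashlib
import hmac
import sys

ITERATIONS = 100_000  # PBKDF2 work factor for the constructed sample backend

def pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample data: user -> (salt, password hash). Hypothetical stand-in
# for the directory; replace check_credentials() with the real LDAP lookup.
USERS = {"alice": (b"constructed-salt", pbkdf2("correct horse", b"constructed-salt"))}

def check_credentials(username, password):
    # Hash even for unknown users so both paths do the same amount of work,
    # then compare in constant time.
    salt, expected = USERS.get(username, (b"dummy-salt", b""))
    candidate = pbkdf2(password, salt)
    return username in USERS and hmac.compare_digest(candidate, expected)

def answer(line):
    """Map one "username password" line to "OK" or "ERR"; fail closed."""
    # Split at the first space only, so a password containing spaces stays whole.
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return "ERR"  # malformed request: never treat as success
    try:
        return "OK" if check_credentials(parts[0], parts[1]) else "ERR"
    except Exception:
        return "ERR"  # backend failure (e.g. directory down) denies access

def serve(stdin=sys.stdin, stdout=sys.stdout):
    # Endless loop until Squid closes the pipe. Flush after every reply:
    # a buffered answer leaves Squid waiting on this child.
    for line in stdin:
        stdout.write(answer(line) + "\n")
        stdout.flush()

if __name__ == "__main__":
    serve()
```

The helper writes nothing but the reply to stdout and never logs the request line, since each line carries a cleartext password.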
