Date: Tue, 19 Jan 1999 14:59:23 +0000 From: Tony Finch <dot@dotat.at> To: isp@FreeBSD.ORG Subject: Re: Squid -2 Message-ID: <E102ccl-00023f-00@fanf.noc.demon.net> In-Reply-To: <36A489F1.30CE5A96@basspro.com> References: <XFMail.990118233154.nicole@nmhtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Troy Kittrell <troyk@basspro.com> wrote: > >Sure...very easy...and I've already looked at ways to create this from >a Domino/LDAP server. But I would *rather* authenticate directly from >the source of the user lists. In addition to password file authentication, Squid can do proxy authentication via a collection of helper processes. You could write a simple one in perl, say, to do the required LDAP lookup. The most useful documentation on Squid's detailed capabilities is the comments in the configuration file, built from src/cf.data.pre. This includes: authenticate_program Specify the command for the external authenticator. Such a program reads a line containing "username password" and replies "OK" or "ERR" in an endless loop. If you use an authenticator, make sure you have 1 acl of type proxy_auth. By default, the authenticator_program is not used. If you want to use the traditional proxy authentication, jump over to the ../auth_modules/NCSA directory and type: % make % make install Then, set this line to something like authenticate_program @DEFAULT_PREFIX@/bin/ncsa_auth @DEFAULT_PREFIX@/etc/passwd authenticate_children The number of authenticator processes to spawn (default 5). If you start too few Squid will have to wait for them to process a backlog of usercode/password verifications, slowing it down. When password verifications are done via a (slow) network you are likely to need lots of authenticator processes. authenticate_ttl The time a checked username/password combination remains cached (default 3600). If a wrong password is given for a cached user, the user gets removed from the username/password cache forcing a revalidation. Tony. -- f.a.n.finch dot@dotat.at fanf@demon.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E102ccl-00023f-00>