This is a Squid-3.3 proposal.

I've been looking at transitioning the helpers to use the same protocol. Firstly by transitioning the response codes to be OK/NA/ERR with key=value parameters for additional information.


For Basic auth and external ACLs the NA result is added.

 ERR being intended for helper errors or problems.
   In the further future this may be used to do re-tries with other helpers.
 NA for explicitly not-authorized. Squid will reject the user with Forbidden.


NTLM/Negotiate changes a bit:

 TT  becomes  OK token=
 AF  becomes  OK user=
 LD  becomes  ERR user=
 BH  becomes  ERR message="some text"


The parameter token= is added to represent the base-64 encoded binary blob going back and forth. May be used in any of the protocols eventually, but initially just Negotiate and NTLM require it.

The parameter message= is added with a quoted string value to allow other parameters on the same result line when an error reason/message is sent back.

The parameter user= is added to hold the username whenever relevant for any reply.

Other parameters are on the planning board for addition after the changes. So far I have: ttl= for setting a desired credentials-TTL, group= for associating a group name with the user=, tag= extended from external ACL to auth.


Opinions? problems? other ideas?

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.11
  Beta testers wanted for 3.2.0.5
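
A strict, fail-closed parser for the reply lines proposed above, as an added example that is not part of the original post and not Squid's own code. The whitespace separation of parameters, backslash escaping inside quoted values, rejection of duplicate keys, and the name parse_helper_reply are assumptions; the post does not specify them.

```python
import base64

RESULT_CODES = {"OK", "NA", "ERR"}  # the three codes named in the proposal


def parse_helper_reply(line):
    """Parse 'CODE key=value key="quoted value"' into (code, params).

    Raises ValueError on anything malformed so the caller can fail closed.
    """
    code, _, rest = line.strip().partition(" ")
    if code not in RESULT_CODES:
        raise ValueError("unknown result code: %r" % code)
    params, i, n = {}, 0, len(rest)
    while i < n:
        if rest[i].isspace():
            i += 1
            continue
        eq = rest.find("=", i)
        if eq == -1:
            raise ValueError("parameter without '=': %r" % rest[i:])
        key = rest[i:eq]
        if not key or any(c.isspace() for c in key) or key in params:
            raise ValueError("bad or duplicate key: %r" % key)
        i = eq + 1
        if i < n and rest[i] == '"':
            # Quoted value (e.g. message="some text"); assumed \-escaping.
            i += 1
            buf = []
            while i < n and rest[i] != '"':
                if rest[i] == "\\" and i + 1 < n:
                    i += 1
                buf.append(rest[i])
                i += 1
            if i >= n:
                raise ValueError("unterminated quoted value for %s=" % key)
            i += 1  # step past the closing quote
            params[key] = "".join(buf)
        else:
            # Bare value runs to the next whitespace, so base64 '=' padding
            # inside token= is kept intact.
            end = i
            while end < n and not rest[end].isspace():
                end += 1
            params[key], i = rest[i:end], end
    if "token" in params:
        # token= carries a base-64 blob; binascii.Error is a ValueError.
        params["token"] = base64.b64decode(params["token"], validate=True)
    return code, params
```

Treating any ValueError as a helper failure rather than as an authorization result keeps a garbled or truncated reply from being read as OK.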
