On Thursday 03 July 2003 22.25, Diego Rivera wrote: > Sorry for the mixup on Squid versions. I'll be sure to upgrade to > 2.5 ASAP - although I don't see that happening that soon. > > I've written a perl script similar to the one referenced on Open2, > but it's a more general case (driver-based). The idea is to allow > e-mail based authentication as described on my original post, and > allow each "realm" to authenticate differently. > > I see two additional drivers as being highly desireable: > External-Program and External-Pipe. The first one would invoke an > external program to execute each authentication (inefficient, but > could be useful). The second one would start the external process > once and pipe info to it just as squid would.
I would recommend the second to be the only "driver" available. A simple program where all configuration is in the code is no more than 3 lines per domain. (1 line of initialization, 1 line of condition to match the domain, 1 line to send the request to the correct backend helper). A configuration based program should be no more than about one screenful of code. > The one drawback with this scheme is that it would NOT be possible > to have Squid be aware of the different realms - i.e., let users > authenticated on realm example-1.com through, but NOT users from > example-2.org. All the users would be generalized into one big > "authenticated users" group. Err.. the usernames in such setup include the domain so Squid can easily group the users in different groups. But you probably want a glue similar to the above around the group helpers as well if you want to use group lookup helpers (2.5 feature). Regards Henrik
