thanks for your help, but I'm looking for an external helper.
What I need is a little tool that take username as standard input and check it against a simple table to see if it exist.
I've tried to simplify sqauth from squid2mysql to obtain this and from command line it works fine (provided that you pass 4 backslash, but that is a minor problem).
#!/bin/sh
#
mysqluser=user
mysqlpass=password
mysqlprog=`which mysql`
if [ "$mysqlprog" = "" ]; then
echo "MySQL not found!"
exit 1
fi
while read username; do
# echo $username
status=`$mysqlprog -u $mysqluser -p$mysqlpass -D squid -e "SELECT username FROM auth WHERE username='$username'"`
if [ "$status" = "" ]; then
echo "ERR"
else
echo "OK"
fi
done
Tha problem is that I don't know how to make squid pass username checked with wb_auth to this helper.
I've tried the following configuration but it doesn't work. Probably I miss a lot of knowledge in how helpers work.
auth_param ntlm program /usr/lib/squid/wb_ntlmauth auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 20 auth_param ntlm max_challenge_lifetime 15 minutes auth_param basic program /usr/lib/squid/wb_ntlmauth auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours
external_acl_type mysql concurrency=5 ttl=900 %LOGIN /usr/bin/sqauthorize
acl browsing external mysql
http_access allow browsing
All the part about wb_ntlmauth works fine (i've tested it with wb_group).
What am I doing wrong ?
Hegedüs Ervin wrote:
Hello,
I would like to know if exist some kind of external helper to authorize users authenticated with another method.
I'm already using Netbios authentication but instead of the group helper i would prefer to create an ACL based on a mysql table.
http://freshmeat.net/projects/mysql_auth/?topic_id=148
official site: http://people.fsn.hu/~airween/mysql_auth/index.html
and undocumented beta version: http://people.fsn.hu/~airween/mysql_auth_beta/index.html
the last one is better choice for newest MySQL versions. it uses mysql_real_connect(), not older mysql_connect().
The program has GPL license, you may rewrite it for your idea.
Important: it is not _external_helper_, it is just a simple basic helper.
If you have any question, please drop an email to own list, or direct to me.
Bye: air
