Hi folks,

I'm trying to get external ACLs to work with IDENT replies after I gave
up on NTLM auth.

When I configure squid to use it like this:

external_acl_type ident_auth concurrency=5 ttl=900 cache=5 %IDENT /root/auth.sh
acl browsing external ident_auth
http_access allow browsing

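and the script contains this:

#!/bin/sh
#
mysqluser=user
mysqlpass=pass
mysqlprog=`which mysql`
if [ "$mysqlprog" = "" ]; then
     # report on stderr: squid reads stdout as helper replies
     echo "MySQL not found!" >&2
     exit 1
fi
# squid sends one identity per line and expects one OK/ERR line back
while read -r username; do
# echo $username
     # the IDENT reply is supplied by the client machine: refuse anything
     # that is not a plain login before it is placed inside the SQL string
     case "$username" in
         *[!A-Za-z0-9@._-]*) echo "ERR"; continue ;;
     esac
     status=`"$mysqlprog" -h <ip> -u "$mysqluser" -p"$mysqlpass" -D postfix \
         -e "SELECT clear FROM users WHERE email='$username'"`
     if [ "$status" = "" ]; then
         echo "ERR"
     else
         echo "OK"
     fi
done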


This works OK for a couple of requests, but when doing more than a
few requests (like 10) from one PC, some of the GET requests do not
get authenticated, so some websites display pages with few or no
images, or don't display at all.

I tried fiddling with

authenticate_cache_garbage_interval 5 minutes
authenticate_ttl 1 hour

but this did not help.

Is there any way to debug this, or are there any known problems with
this type of setup?

This is my squid version, on debian sarge.
Squid Cache: Version 2.5.STABLE5
configure options:  --prefix=/usr --exec_prefix=/usr
--bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid
--sysconfdir=/etc --localstatedir=/var/spool/squid
--datadir=/usr/share/squid --enable-async-io --with-pthreads
--enable-storeio=ufs,aufs,diskd,null --enable-linux-netfilter
--enable-arp-acl --enable-removal-policies=lru,heap --enable-snmp
--enable-delay-pools --enable-htcp --enable-poll
--enable-cache-digests --enable-underscores --enable-referer-log
--enable-useragent-log --enable-auth=basic,digest,ntlm
i386-debian-linux

Thanks,

Pieterjan Heyse
 
 
Scheppersintituut Wetteren
Cooppallaan 128
9230 Wetteren 
Tel: 09 3692072
Fax: 09 3661348
mailto:[EMAIL PROTECTED]
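
Added example, not part of the original post: a helper loop of the kind shown above that can be exercised without squid or MySQL, checking that every request line gets exactly one OK/ERR answer and that a client-supplied IDENT string is validated before any lookup. The names valid_ident, lookup_user, check_ident, helper_loop and KNOWN_USERS are hypothetical, the user list is constructed sample data standing in for the database query, and treating "-" as "no identity" is an assumption.

```shell
#!/bin/sh
# Added example: external ACL helper skeleton with input validation.
LC_ALL=C; export LC_ALL        # make the character ranges below byte-exact

# Constructed sample data standing in for the users table.
KNOWN_USERS="alice@example.org
bob@example.org"

# Return 0 only for identities made of characters expected in a login,
# so the value can never terminate a quoted SQL string or add options.
valid_ident() {
    case "$1" in
        ""|-) return 1 ;;                  # empty, or "-" (assumed: no identity)
        *[!A-Za-z0-9@._+-]*) return 1 ;;   # any other character: reject
    esac
    [ "${#1}" -le 128 ]                    # bound the length as well
}

# Stand-in for the database lookup (assumption: exact match on the login).
lookup_user() {
    printf '%s\n' "$KNOWN_USERS" | grep -Fqx -- "$1"
}

# Decide one request line; always prints exactly one of OK / ERR.
check_ident() {
    if valid_ident "$1" && lookup_user "$1"; then
        echo "OK"
    else
        echo "ERR"
    fi
}

# Helper loop: one answer line per request line, never zero and never two.
helper_loop() {
    while IFS= read -r ident; do
        check_ident "$ident"
    done
}

# Act as a helper only when started with the "serve" argument.
if [ "${1:-}" = "serve" ]; then
    helper_loop
fi
```

Feeding the loop a file of sample identities and comparing the number of output lines with the number of input lines is a quick way to confirm the helper never leaves a request unanswered.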