On Wed, 12 Jan 2005, Scott wrote:
Currently a user must log in using a [EMAIL PROTECTED] to authenticate. This works fine but as time goes by I end up with a large amount of users wishing that they could drop the domain authentication from the auth request.
I would like to do this but I have hit a brick wall in regards to how to handle multiple matching usernames (and passwords unfortunetly) without a domain.
Indeed a problem, and no easy short term solution available today other than to use one Squid instance per user population, each with their own auth_param settings, and possibly forwarding all requests to a common Squid for caching.
The long term solution is to implement something called "Authentication Realms", allowing multiple different auth_param settings in the same Squid allowing different settings to be used for different clients.
A) allowing %SRC to be passed with <username> <password> to the auth helper
There was a patch for this for Squid-2.4, but not really doing what you ask. <url:http://devel.squid-cache.org/old_projects.html#authinfo>.
What this patch does not is that it doesn't differentiate between user a from IP 1 or user a from IP 2. If only allows the helper to verify the IP of the initial login.
I might be looking at this wrong but all the things that I have looked at so far have said that squid will not pass any args to the auth helper at all.
Squid uniquely identifies users by their login, not including the IP. This is required for the max_user_ip acl and a few other constructs. We do not intend to change this.
Regards Henrik
