From owner-freebsd-isp Tue Jan 19 06:59:56 1999
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id GAA29725
        for freebsd-isp-outgoing; Tue, 19 Jan 1999 06:59:56 -0800 (PST)
        (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from server.noc.demon.net (server.noc.demon.net [193.195.224.4])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA29703
        for ; Tue, 19 Jan 1999 06:59:42 -0800 (PST)
        (envelope-from fanf@demon.net)
Received: by server.noc.demon.net; id OAA14010; Tue, 19 Jan 1999 14:59:37 GMT
Received: from fanf.noc.demon.net(195.11.55.83) by inside.noc.demon.net via smap (3.2)
        id xma013999; Tue, 19 Jan 99 14:59:24 GMT
Received: from fanf by fanf.noc.demon.net with local (Exim 1.73 #2)
        id 102ccl-00023f-00; Tue, 19 Jan 1999 14:59:23 +0000
To: isp@FreeBSD.ORG
From: Tony Finch
Subject: Re: Squid -2
Newsgroups: chiark.mail.freebsd.isp
In-Reply-To: <36A489F1.30CE5A96@basspro.com>
Organization: Deliberate Obfuscation To Amuse Tony
References:
Message-Id:
Date: Tue, 19 Jan 1999 14:59:23 +0000
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Troy Kittrell wrote:
>
>Sure...very easy...and I've already looked at ways to create this from
>a Domino/LDAP server. But I would *rather* authenticate directly from
>the source of the user lists.

In addition to password file authentication, Squid can do proxy
authentication via a collection of helper processes. You could write a
simple one in perl, say, to do the required LDAP lookup. The most
useful documentation on Squid's detailed capabilities is the comments
in the configuration file, built from src/cf.data.pre. This includes:

authenticate_program
        Specify the command for the external authenticator. Such a
        program reads a line containing "username password" and replies
        "OK" or "ERR" in an endless loop. If you use an authenticator,
        make sure you have 1 acl of type proxy_auth. By default, the
        authenticator_program is not used.

        If you want to use the traditional proxy authentication, jump
        over to the ../auth_modules/NCSA directory and type:

                % make
                % make install

        Then, set this line to something like

        authenticate_program @DEFAULT_PREFIX@/bin/ncsa_auth @DEFAULT_PREFIX@/etc/passwd

authenticate_children
        The number of authenticator processes to spawn (default 5). If
        you start too few Squid will have to wait for them to process a
        backlog of usercode/password verifications, slowing it down.
        When password verifications are done via a (slow) network you
        are likely to need lots of authenticator processes.

authenticate_ttl
        The time a checked username/password combination remains cached
        (default 3600). If a wrong password is given for a cached user,
        the user gets removed from the username/password cache forcing
        a revalidation.

Tony.
-- 
f.a.n.finch dot@dotat.at fanf@demon.net
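
The helper protocol quoted above (one "username password" line in, "OK" or "ERR" out, in an endless loop), as an added example that is not part of the original message and not Squid's own code. It is written in Python rather than the Perl suggested in the message; `check_sample_store`, `SAMPLE_USERS`, `SALT` and `hash_password` are hypothetical stand-ins, built on constructed data, for the LDAP lookup a real helper would perform.

```python
#!/usr/bin/env python3
"""Squid authenticator helper: one "username password" line in, "OK" or "ERR" out."""
import hashlib
import hmac
import sys

# Constructed sample store standing in for the directory: user -> (salt, PBKDF2 hash).
SALT = b"constructed-salt"

def hash_password(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

SAMPLE_USERS = {"troy": (SALT, hash_password("correct horse"))}

def check_sample_store(username, password):
    """Hypothetical backend; a real helper would attempt an LDAP bind as the user."""
    salt, stored = SAMPLE_USERS.get(username, (SALT, b""))
    # Hash even for unknown users and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored)

def answer(line, check=check_sample_store):
    """Return "OK" or "ERR" for one request line; anything unexpected is "ERR"."""
    parts = line.rstrip("\r\n").split(" ", 1)  # the password may contain spaces
    if len(parts) != 2:
        return "ERR"
    username, password = parts
    # Refuse empty credentials before they reach the backend: an LDAP simple
    # bind with an empty password is an unauthenticated bind, which many
    # servers accept and report as success.
    if not username or not password:
        return "ERR"
    try:
        return "OK" if check(username, password) else "ERR"
    except Exception:
        return "ERR"  # a backend failure must never grant access

def serve(inp=sys.stdin, out=sys.stdout, check=check_sample_store):
    """Answer requests until Squid closes the pipe."""
    for line in inp:
        out.write(answer(line, check) + "\n")
        out.flush()  # Squid waits for each reply; buffered output stalls it

if __name__ == "__main__":
    serve()
```

Squid would start authenticate_children copies of such a helper, so it should hold no state that must be shared between processes.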