How to use external authentication and authorisation helpers ?


How to use external authentication and authorisation helpers ?

Markus Moeller
I am new to Squid and I am trying to understand how Squid has to be configured for
authentication and authorisation, for example if I want to authenticate a user
with NTLM or Negotiate and authorise depending on LDAP group memberships.

I was thinking that I need:

auth_param ntlm program /path/to/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm keep_alive on
auth_param ntlm children 5

external_acl_type ldap_group ttl=3600 negative_ttl=3600 children=5 %LOGIN /path/to/helper url=ldap://server.com bind=DC=SERVER,DC=COM


acl ntlm proxy_auth REQUIRED
acl ldap_check external ldap_group SQUID_USER

http_access allow ldap_check
# And finally deny all other access to this proxy
http_access deny all


What I was wondering is how does the authentication helper get invoked ? Do
I need also

http_access allow ntlm

or will ldap_check know that ntlm authentication has to be invoked to get
%LOGIN details ?

Thank you
Markus





Re: How to use external authentication and authorisation helpers ?

Henrik Nordström
Sat 2007-05-19 at 18:48 +0100, Markus Moeller wrote:

> acl ntlm proxy_auth REQUIRED

The ntlm acl is not needed.

> acl ldap_check external ldap_group SQUID_USER
>
> http_access allow ldap_check
> # And finally deny all other access to this proxy
> http_access deny all
>
>
> What I was wondering is how does the authentication helper get invoked?

Automatically whenever Squid reaches an acl requiring a username while
processing the http_access rules.

> or will ldap_check know that ntlm authentication has to be invoked to get
> %LOGIN details ?

Correct.

Regards
Henrik

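Added example, not part of either post and not the helper referred to in the thread: a minimal external ACL helper in Python showing what Squid hands to the `ldap_group` helper once authentication has supplied %LOGIN, and how the helper answers. It assumes the URL-escaped, one-request-per-line protocol of external_acl_type; the GROUPS table is a constructed stand-in for the LDAP lookup, and the function names are hypothetical.

```python
import sys
from urllib.parse import unquote

# Constructed stand-in for the LDAP directory: group -> member logins.
# A real helper would query the directory server here instead.
GROUPS = {"SQUID_USER": {"alice", "bob"}}


def normalise_login(login):
    """Strip an NTLM 'DOMAIN\\user' or Negotiate 'user@REALM' wrapper."""
    login = login.rsplit("\\", 1)[-1]
    login = login.split("@", 1)[0]
    return login.lower()


def check_line(line, groups=GROUPS):
    """Answer one request line of the form '<%LOGIN> <group> [<group> ...]'.

    The group names are the arguments written after the acl name, e.g.
    'acl ldap_check external ldap_group SQUID_USER'.
    """
    fields = [unquote(f) for f in line.split()]
    if len(fields) < 2 or fields[0] in ("", "-"):
        return "ERR"          # no username or no group: fail closed
    user = normalise_login(fields[0])
    if not user:
        return "ERR"
    for group in fields[1:]:
        if user in groups.get(group, ()):
            return "OK"       # member of at least one listed group
    return "ERR"


def main():
    # One reply line per request line, in order.
    for line in sys.stdin:
        sys.stdout.write(check_line(line) + "\n")
        sys.stdout.flush()    # Squid waits for each reply; never buffer


if __name__ == "__main__":
    main()
```

Because the helper only ever sees a username that the auth_param helper has already verified, it makes the authorisation decision alone; anything it cannot parse is answered with ERR so that the final `http_access deny all` applies.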