Login=PASS --> Query

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Login=PASS --> Query

Hareesh
Hi

I have a query related to the option Login=PASS in cache-peer. The documentation mentions the following.

        login=PASS Send login details received from client to this peer.
                        Authentication is not required by this option.
                       
                        If there are no client-provided authentication headers
                        to pass on, but username and password are available
                        from an external ACL user= and password= result tags
                        they may be sent instead.


I want to understand what do they exactly mean by the text given bold? Where and how can the user and password be given as acls.

Can some one please shed some light with possible example?

Thanks

Reply | Threaded
Open this post in threaded view
|

Re: Login=PASS --> Query

Amos Jeffries
Administrator
On 10/03/2017 3:23 a.m., Hareesh wrote:

> Hi
>
> I have a query related to the option Login=PASS in cache-peer. The
> documentation mentions the following.
>
> login=PASS Send login details received from client to this peer.
> Authentication is not required by this option.
>
> *If there are no client-provided authentication headers
> to pass on, but username and password are available
> from an external ACL user= and password= result tags
> they may be sent instead.*
>
> I want to understand what do they exactly mean by the text given *bold*?
> Where and how can the user and password be given as acls.
>
> Can some one please shed some light with possible example?
>

The usual purpose of external-ACL helper (external_acl_type) is to do
authorization (allowed/denied) checks (*not* authentication!!).

But it can also do out-of-band processing on what it gets given (eg
Cookie header, or WWW-Auth* header with custom scheme type, or IP and
IDENT values) and send back a response like "OK user=blah password=hello".

If there is no authenticated HTTP-auth login credentials for the request
these external-ACL provided credentials may be used to fulfill the
login=PASS requirement of delivering a Basic authentication header to
the peer.

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users