[squid-users] Squid + oracle

Amos Jeffries squid3 at treenet.co.nz
Tue Aug 18 17:10:48 UTC 2015


On 19/08/2015 2:06 a.m., adricustodio wrote:
> I was thinking... isnt it possible to make squid authenticate on a radius
> server and the radius goes into the oracle db ?

Depends on whether you are using the Captive Portal installation you
mentioned, a forward-proxy or interception proxy.

Of those options only the forward-proxy can do HTTP authentication.

I'm not familiar enough with RADIUS to know how (if at all) you coudl
get data between them.

> 
> Sorry if it sounds stupid, im new on DB. I usually only work on proxy with
> ncsa authentication.

Operationally there is no difference. NCSA is one of the flat-file
database formats I mentioned. Both even use crypt() function in the
background for secure password hashing.

The only visible difference between basic_db_auth and basic_ncsa_auth is
the parameters on the helper line in squid.conf.

Here is an example config for the DB auth helper:

auth_param basic program /usr/bin/perl /usr/lib/squid/basic_db_auth \
  --persist --md5 --salt "pepper" \
  --dsn DBI:Oracle:database=users:db.example.com:1234 \
  --user proxy --password blah --table accounts \
  --usercol UserName --passwdcol Passwd \
  --cond Status='ACTIVE'


As Yuri pointed the basic_ldap_auth helper is also usable if you prefer
LDAP query syntax to SQL.

Amos



More information about the squid-users mailing list