[squid-users] Groups and authorization SQUID
Edwin Quijada
listas_quijada at hotmail.com
Mon Dec 11 20:48:04 UTC 2017
________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Antony Stone <Antony.Stone at squid.open.source.it>
Sent: Saturday, December 9, 2017 3:57 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Groups and authorization SQUID
On Saturday 09 December 2017 at 15:35:51, Edwin Quijada wrote:
> > On Friday 08 December 2017 at 22:08:33, Edwin Quijada wrote:
> >
> > > I have 4 different groups in my company each group has access different
> >
> > Please explain what "access different" means.
>
> The first group has accees to 2 pages, second 3 differents pages and 3 and
> 4 everything
Okay, understood.
> > > These groups and users are in a remote server
> >
> > What sort of server? How are the groups defined?
>
> It is a web server
Er, okay...
> > > that I use with a webservice
>
> > What does "webservice" mean?
>
> Remote method/function that respond me when I sent user/pass this respond
> me with the group that user belongs I have another method/function/script
> by http that respond me what is the group that user belongs
Okay, I guess it might be possible to get Squid to use ACLs based on the
result of an HTTP request, but I've never seen it done like this before.
This part is not a problem for me.
Maybe someone else on the list can suggest how this might be made to work.
> > > so with I have created a helper for authorization
> >
> > Tell us how this helper works.
>
> I thought that using a helper for autorization I can restricted the pages
> used for each member group
Have you created a helper, or not?
Yes!!
If you have created one, please tell us how it works.
This helper that I created
<?php
$f = fopen("php://stdin", "r");
while (!(feof($f))) {
$line = fgets($f);
if ($line) {
$fields = explode(' ', trim($line));
$username = rawurldecode($fields[0]);
$password = rawurldecode($fields[1]);
//
if ($username=="edwin" && $password=="1234")
fwrite(STDOUT, "OK\n");
else
fwrite(STDOUT, "ERR\n");
}
}
?>
This helper is just for testing , but when I tested it doent work
> > How does it identify one group from another?
>
> Uhm...the structere are differents , really there are in different tables
> in my DB that is in the server
So, you're doing an HTTP request to a web server, which then looks up the user
in a database, and returns a result as an HTTP response...
Surely it would be easier (and quicker / more efficient) to get Squid to
interrogate the database?
> > > the problem is how can i do this ACL
I wouldn't start from there, so I hope someone else here can suggest a way of
getting this to work.
What made you start with this approach in the first place?
Now, I changed the approach , I just want one group for everything and other, localnet restricted,instead of use 4 groups just 2 one for admin, other for
Antony.
--
Atheism is a non-prophet-making organisation.
Please reply to the list;
please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
squid-users Info Page<http://lists.squid-cache.org/listinfo/squid-users>
lists.squid-cache.org
squid-users -- General discussion relating to Squid. The membership of this list is thousands of Squid users from around the world About squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171211/e96677aa/attachment.html>
More information about the squid-users
mailing list