[squid-users] Login=PASS --> Query
Amos Jeffries
squid3 at treenet.co.nz
Thu Mar 9 17:04:21 UTC 2017
On 10/03/2017 3:23 a.m., Hareesh wrote:
> Hi
>
> I have a query related to the option Login=PASS in cache-peer. The
> documentation mentions the following.
>
> login=PASS Send login details received from client to this peer.
> Authentication is not required by this option.
>
> *If there are no client-provided authentication headers
> to pass on, but username and password are available
> from an external ACL user= and password= result tags
> they may be sent instead.*
>
> I want to understand what do they exactly mean by the text given *bold*?
> Where and how can the user and password be given as acls.
>
> Can some one please shed some light with possible example?
>
The usual purpose of external-ACL helper (external_acl_type) is to do
authorization (allowed/denied) checks (*not* authentication!!).
But it can also do out-of-band processing on what it gets given (eg
Cookie header, or WWW-Auth* header with custom scheme type, or IP and
IDENT values) and send back a response like "OK user=blah password=hello".
If there is no authenticated HTTP-auth login credentials for the request
these external-ACL provided credentials may be used to fulfill the
login=PASS requirement of delivering a Basic authentication header to
the peer.
Amos
More information about the squid-users
mailing list