[squid-users] HMAC basic auth

Vladislav Yarmak vladislav-ex-squid-ml at vm-0.com
Wed Dec 4 18:58:13 UTC 2024


Hello,

I'd like to share a Basic auth helper I made for Squid:
https://github.com/SenseUnit/basic_hmac_auth

This helper enables Squid basic authentication with HMAC signatures passed as a
password.

Such a scheme is useful in scenarios where proxy credentials are provisioned by
some central authority (e.g. a webservice). This way the proxy client obtains a
login and password pair from that authority, and the proxy can validate it
without ever contacting the authority to check credentials status.

Compared to classical approaches with network requests made by other helpers,
this approach has the following benefits:
- No surge of validation requests when the credentials cache is emptied.
- No added latency to validate credentials.
- No issues with credentials cache coherence across different workers/instances
of the Squid server; it's the client who will contact the authority, and just
once per credentials update.
- Some degree of autonomy - the proxy will continue to serve when the auth
backend is not available, until credentials expire.

Hope some may also find it useful. Feedback is welcome!

--
Best regards,
Vladislav Yarmak
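
The scheme described in the post above, sketched as an added example that is not part of the original message and is not the basic_hmac_auth project's code. The password layout (base64url of an 8-byte expiry followed by an HMAC-SHA256 tag), the demo key and all function names are assumptions made for illustration; the helper's real format is defined in its repository.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import unquote

# Constructed demo key; in the scheme above the authority and the proxy share it.
SECRET = b"constructed-demo-key"

def _mac(secret, username, expires):
    # A fixed-width expiry prefix keeps the MAC input unambiguous.
    msg = struct.pack(">Q", expires) + username.encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()

def issue_password(secret, username, ttl, now=None):
    """Authority side: password = base64url(expiry || HMAC(expiry || username))."""
    expires = int(time.time() if now is None else now) + ttl
    blob = struct.pack(">Q", expires) + _mac(secret, username, expires)
    return base64.urlsafe_b64encode(blob).decode()

def verify(secret, username, password, now=None):
    """Proxy side: offline validation, no request to the authority."""
    try:
        blob = base64.urlsafe_b64decode(password.encode())
    except ValueError:  # malformed base64
        return False
    if len(blob) != 8 + hashlib.sha256().digest_size:
        return False
    expires = struct.unpack(">Q", blob[:8])[0]
    # Check the MAC in constant time before trusting the embedded expiry.
    if not hmac.compare_digest(blob[8:], _mac(secret, username, expires)):
        return False
    return (time.time() if now is None else now) < expires

def handle_line(line, secret=SECRET, now=None):
    """One request in Squid's basic helper protocol without concurrency:
    'user password' (URL-escaped) in, 'OK' or 'ERR' out."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2:
        return "ERR"
    user, password = (unquote(p) for p in parts)
    return "OK" if verify(secret, user, password, now) else "ERR"

if __name__ == "__main__":
    pw = issue_password(SECRET, "alice", ttl=3600)
    print(handle_line(f"alice {pw}"))   # valid until expiry
    print(handle_line(f"bob {pw}"))     # MAC is bound to the username
```

Because nothing is looked up at validation time, a credential issued this way cannot be revoked before its expiry except by rotating the shared key, so the lifetime chosen by the authority bounds the exposure of a leaked password.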

