src/auth/basic/SSPI/basic_sspi_auth.8

   1 .if !'po4a'hide' .TH basic_sspi_auth.exe 8
   2 .
   3 .SH NAME
   4 basic_sspi_auth.exe \- Basic authentication protocol
   5 .PP
   6 Version 2.0
   7 .
   8 .SH SYNOPSIS
   9 .if !'po4a'hide' .B basic_sspi_auth.exe
  10 .if !'po4a'hide' .B "[\-d] [\-A "
  11 Group Name
  12 .if !'po4a'hide' .B "] [\-D "
  13 Group Name
  14 .if !'po4a'hide' .B "] [\-O "
  15 Default Domain
  16 .if !'po4a'hide' .B "]"
  17 .
  18 .SH DESCRIPTION
  19 .B basic_sspi_auth.exe
  20 is a simple authentication module for the Squid proxy server running on Windows NT
  21 to authenticate users on an NT domain in native WIN32 mode.
  22 .
  23 .PP
  24 Usage is simple. It accepts a username and password on standard input
  25 and will return
  26 .B OK
  27 if the username/password is valid for the domain/machine, or
  28 .B ERR
  29 if there was some problem. It is possible to authenticate against NT trusted domains specifying the username
  30 in the domain\\username Microsoft notation.
  31 .
  32 .SH OPTIONS
  33 .if !'po4a'hide' .TP 12
  34 .if !'po4a'hide' .B \-A
  35 A Windows Local Group name allowed to authenticate.
  36 .
  37 .if !'po4a'hide' .TP
  38 .if !'po4a'hide' .B \-d
  39 Write debug info to stderr.
  40 .
  41 .if !'po4a'hide' .TP
  42 .if !'po4a'hide' .B \-D
  43 A Windows Local Group name not allowed to authenticate.
  44 .
  45 .if !'po4a'hide' .TP
  46 .if !'po4a'hide' .B \-O
  47 The default Domain against to authenticate.
  48 .
  49 .SH CONFIGURATION
  50 .PP
  51 Users that are allowed to access the web proxy must have the Windows NT
  52 User Rights
  53 .I "\"logon from the network\""
  54 and must be included in the NT LOCAL User Groups specified in the Authenticator's command line.
  55 .PP
  56 This can be accomplished creating a local user group on the NT machine, grant the privilege,
  57 and adding users to it.
  58 .
  59 .PP
  60 You will need to set the following line in
  61 .B squid.conf
  62 to enable the authenticator:
  63 .if !'po4a'hide' .RS
  64 .if !'po4a'hide' .B auth_param basic program c:/squid/libexec/basic_sspi_auth.exe [options]
  65 .if !'po4a'hide' .RE
  66 .
  67 .PP
  68 You will need to set the following lines in
  69 .B squid.conf
  70 to enable authentication for your access list:
  71 .if !'po4a'hide' .RS
  72 .if !'po4a'hide' .B acl aclName proxy_auth REQUIRED
  73 .if !'po4a'hide' .br
  74 .if !'po4a'hide' .B http_access allow aclName
  75 .if !'po4a'hide' .RE
  76 .
  77 .PP
  78 You will need to specify the absolute path to
  79 .B basic_sspi_auth.exe
  80 in the
  81 .B "auth_param basic program"
  82 directive.
  83 .
  84 .SH TESTING
  85 .PP
  86 I strongly urge that
  87 .B basic_sspi_auth.exe
  88 is tested prior to being used in a
  89 production environment. It may behave differently on different platforms.
  90 To test it, run it from the command line. Enter username and password
  91 pairs separated by a space. Press ENTER to get an OK or ERR message.
  92 Make sure pressing
  93 .B CTRL-D
  94  behaves the same as a carriage return.
  95 Make sure pressing
  96 .B CTRL-C
  97  aborts the program.
  98 .PP
  99 Test that entering no details does not result in an
 100 .B OK
 101 or
 102 .B ERR
 103 message.
 104 .PP
 105 Test that entering an invalid username and password results in an
 106 .B ERR
 107 message.
 108 .PP
 109 Note that if NT guest user access is allowed on the PDC, an
 110 .B OK
 111 message may be returned instead of
 112 .B ERR
 113 .PP
 114 Test that entering a valid username and password results in an
 115 .B OK
 116 message.
 117 .PP
 118 Test that entering a guest username and password returns the correct
 119 response for the site's access policy.
 120 .
 121 .SH AUTHOR
 122 This program was written by
 123 .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
 124 .PP
 125 Based on prior work by
 126 .if !'po4a'hide' .I Antonino Iannella (2000)
 127 .if !'po4a'hide' .I Andrew Tridgell (1997)
 128 .if !'po4a'hide' .I Richard Sharpe (1996)
 129 .if !'po4a'hide' .I Bill Welliver (1999)
 130 .PP
 131 This manual was written by
 132 .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
 133 .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
 134 .
 135 .SH COPYRIGHT
 136 .PP
 137  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 138  *
 139  * Squid software is distributed under GPLv2+ license and includes
 140  * contributions from numerous individuals and organizations.
 141  * Please see the COPYING and CONTRIBUTORS files for details.
 142 .PP
 143 This program and documentation is copyright to the authors named above.
 144 .PP
 145 Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
 146 .
 147 .SH QUESTIONS
 148 Questions on the usage of this program can be sent to the
 149 .I Squid Users mailing list
 150 .if !'po4a'hide' <squid-users@lists.squid-cache.org>
 151 .
 152 .SH REPORTING BUGS
 153 Bug reports need to be made in English.
 154 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
 155 .PP
 156 Report bugs or bug fixes using http://bugs.squid-cache.org/
 157 .PP
 158 Report serious security bugs to
 159 .I Squid Bugs <squid-bugs@lists.squid-cache.org>
 160 .PP
 161 Report ideas for new improvements to the
 162 .I Squid Developers mailing list
 163 .if !'po4a'hide' <squid-dev@lists.squid-cache.org>
 164 .
 165 .SH SEE ALSO
 166 .if !'po4a'hide' .BR squid "(8), "
 167 .if !'po4a'hide' .BR GPL "(7), "
 168 .br
 169 The Squid FAQ wiki
 170 .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
 171 .br
 172 The Squid Configuration Manual
 173 .if !'po4a'hide' http://www.squid-cache.org/Doc/config/