[thirdparty/squid.git] / helpers / basic_auth / SSPI / basic_sspi_auth.8

.if !'po4a'hide' .TH basic_sspi_auth.exe 8
.
.SH NAME
.if !'po4a'hide' .B basic_sspi_auth.exe
.if !'po4a'hide' \-
Basic authentication protocol 
.PP
Version 2.0
.
.SH SYNOPSIS
.if !'po4a'hide' .B basic_sspi_auth.exe
.if !'po4a'hide' .B "[\-d] [\-A "
Group Name
.if !'po4a'hide' .B "] [\-D "
Group Name
.if !'po4a'hide' .B "] [\-O "
Default Domain
.if !'po4a'hide' .B "]"
.
.SH DESCRIPTION
.B basic_sspi_auth.exe 
is a simple authentication module for the Squid proxy server running on Windows NT
to authenticate users on an NT domain in native WIN32 mode.
.
.PP
Usage is simple. It accepts a username and password on standard input
and will return OK if the username/password is valid for the domain/machine,
or ERR if there was some problem.
It is possible to authenticate against NT trusted domains specifyng the username 
in the domain\\username Microsoft notation.
.
.SH OPTIONS
.if !'po4a'hide' .TP 12
.if !'po4a'hide' .B \-A
A Windows Local Group name allowed to authenticate.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B \-d
Write debug info to stderr.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B \-D
A Windows Local Group name not allowed to authenticate.
.
.if !'po4a'hide' .TP
.if !'po4a'hide' .B \-O
The default Domain against to authenticate.
.
.SH CONFIGURATION
.PP
Users that are allowed to access the web proxy must have the Windows NT
User Rights 
.I "\"logon from the network\"" 
and must be included in the NT LOCAL User Groups specified in the Authenticator's command line.
.PP
This can be accomplished creating a local user group on the NT machine, grant the privilege,
and adding users to it.
.
.PP
You will need to set the following line in 
.B squid.conf 
to enable the authenticator:
.if !'po4a'hide' .RS
.if !'po4a'hide' .B auth_param basic program c:/squid/libexec/basic_sspi_auth.exe [options]
.if !'po4a'hide' .RE
.
.PP
You will need to set the following lines in 
.B squid.conf 
to enable authentication for your access list:
.if !'po4a'hide' .RS
.if !'po4a'hide' .B acl aclName proxy_auth REQUIRED
.if !'po4a'hide' .br
.if !'po4a'hide' .B http_access allow aclName
.if !'po4a'hide' .RE
.
.PP
You will need to specify the absolute path to 
.B basic_sspi_auth.exe 
in the 
.B "auth_param basic program" 
directive.
.
.SH TESTING
.PP
I strongly urge that 
.B basic_sspi_auth.exe 
is tested prior to being used in a 
production environment. It may behave differently on different platforms.
To test it, run it from the command line. Enter username and password
pairs separated by a space. Press ENTER to get an OK or ERR message.
Make sure pressing 
.B CTRL-D
 behaves the same as a carriage return.
Make sure pressing 
.B CTRL-C
 aborts the program.
.PP
Test that entering no details does not result in an 
.B OK 
or 
.B ERR 
message.
.PP
Test that entering an invalid username and password results in an 
.B ERR 
message.
.PP
Note that if NT guest user access is allowed on the PDC, an 
.B OK 
message may be returned instead of 
.B ERR
.PP
Test that entering a valid username and password results in an 
.B OK 
message.
.PP
Test that entering a guest username and password returns the correct 
response for the site's access policy.
.
.SH AUTHOR
This program was written by
.if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
.PP
Based on prior work by
.if !'po4a'hide' .I Antonino Iannella (2000)
.if !'po4a'hide' .I Andrew Tridgell (1997)
.if !'po4a'hide' .I Richard Sharpe (1996)
.if !'po4a'hide' .I Bill Welliver (1999)
.PP
This manual was written by
.if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
.
.SH COPYRIGHT
This program and documentation is copyright to the authors named above.
.PP
Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
.
.SH QUESTIONS
Questions on the usage of this program can be sent to the
.I Squid Users mailing list
.if !'po4a'hide' <squid-users@squid-cache.org>
.
.SH REPORTING BUGS
Bug reports need to be made in English.
See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
.PP
Report bugs or bug fixes using http://bugs.squid-cache.org/
.PP
Report serious security bugs to
.I Squid Bugs <squid-bugs@squid-cache.org>
.PP
Report ideas for new improvements to the
.I Squid Developers mailing list
.if !'po4a'hide' <squid-dev@squid-cache.org>
.
.SH SEE ALSO
.if !'po4a'hide' .BR squid "(8), "
.if !'po4a'hide' .BR GPL "(7), "
.br
The Squid FAQ wiki
.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
.br
The Squid Configuration Manual
.if !'po4a'hide' http://www.squid-cache.org/Doc/config/
Commit	Line	Data
06fcded4	1	.if !'po4a'hide' .TH basic_sspi_auth.exe 8
6d5cbee6 AJ	2	.
6d5cbee6 AJ	3	.SH NAME
06fcded4	4	.if !'po4a'hide' .B basic_sspi_auth.exe
6d5cbee6 AJ	5	.if !'po4a'hide' \-
	6	Basic authentication protocol
	7	.PP
	8	Version 2.0
	9	.
	10	.SH SYNOPSIS
06fcded4	11	.if !'po4a'hide' .B basic_sspi_auth.exe
6d5cbee6 AJ	12	.if !'po4a'hide' .B "[\-d] [\-A "
	13	Group Name
	14	.if !'po4a'hide' .B "] [\-D "
	15	Group Name
	16	.if !'po4a'hide' .B "] [\-O "
	17	Default Domain
	18	.if !'po4a'hide' .B "]"
	19	.
	20	.SH DESCRIPTION
06fcded4	21	.B basic_sspi_auth.exe
6d5cbee6 AJ	22	is a simple authentication module for the Squid proxy server running on Windows NT
	23	to authenticate users on an NT domain in native WIN32 mode.
	24	.
	25	.PP
	26	Usage is simple. It accepts a username and password on standard input
	27	and will return OK if the username/password is valid for the domain/machine,
	28	or ERR if there was some problem.
e1b65506	29	It is possible to authenticate against NT trusted domains specifyng the username
6d5cbee6 AJ	30	in the domain\\username Microsoft notation.
	31	.
	32	.SH OPTIONS
06fcded4	33	.if !'po4a'hide' .TP 12
6d5cbee6 AJ	34	.if !'po4a'hide' .B \-A
6d5cbee6 AJ	35	A Windows Local Group name allowed to authenticate.
06fcded4 AJ	36	.
	37	.if !'po4a'hide' .TP
	38	.if !'po4a'hide' .B \-d
	39	Write debug info to stderr.
	40	.
	41	.if !'po4a'hide' .TP
6d5cbee6 AJ	42	.if !'po4a'hide' .B \-D
6d5cbee6 AJ	43	A Windows Local Group name not allowed to authenticate.
06fcded4 AJ	44	.
06fcded4 AJ	45	.if !'po4a'hide' .TP
6d5cbee6 AJ	46	.if !'po4a'hide' .B \-O
	47	The default Domain against to authenticate.
	48	.
e1b65506 AJ	49	.SH CONFIGURATION
e1b65506 AJ	50	.PP
6d5cbee6	51	Users that are allowed to access the web proxy must have the Windows NT
e1b65506 AJ	52	User Rights
	53	.I "\"logon from the network\""
	54	and must be included in the NT LOCAL User Groups specified in the Authenticator's command line.
6d5cbee6 AJ	55	.PP
	56	This can be accomplished creating a local user group on the NT machine, grant the privilege,
	57	and adding users to it.
	58	.
	59	.PP
	60	You will need to set the following line in
	61	.B squid.conf
	62	to enable the authenticator:
	63	.if !'po4a'hide' .RS
06fcded4	64	.if !'po4a'hide' .B auth_param basic program c:/squid/libexec/basic_sspi_auth.exe [options]
6d5cbee6 AJ	65	.if !'po4a'hide' .RE
	66	.
	67	.PP
	68	You will need to set the following lines in
	69	.B squid.conf
06fcded4	70	to enable authentication for your access list:
6d5cbee6	71	.if !'po4a'hide' .RS
06fcded4 AJ	72	.if !'po4a'hide' .B acl aclName proxy_auth REQUIRED
	73	.if !'po4a'hide' .br
	74	.if !'po4a'hide' .B http_access allow aclName
6d5cbee6 AJ	75	.if !'po4a'hide' .RE
	76	.
	77	.PP
	78	You will need to specify the absolute path to
06fcded4	79	.B basic_sspi_auth.exe
6d5cbee6 AJ	80	in the
	81	.B "auth_param basic program"
	82	directive.
	83	.
	84	.SH TESTING
	85	.PP
	86	I strongly urge that
06fcded4	87	.B basic_sspi_auth.exe
6d5cbee6 AJ	88	is tested prior to being used in a
	89	production environment. It may behave differently on different platforms.
	90	To test it, run it from the command line. Enter username and password
	91	pairs separated by a space. Press ENTER to get an OK or ERR message.
	92	Make sure pressing
	93	.B CTRL-D
	94	behaves the same as a carriage return.
	95	Make sure pressing
	96	.B CTRL-C
	97	aborts the program.
	98	.PP
06fcded4 AJ	99	Test that entering no details does not result in an
	100	.B OK
	101	or
	102	.B ERR
	103	message.
	104	.PP
	105	Test that entering an invalid username and password results in an
	106	.B ERR
	107	message.
	108	.PP
	109	Note that if NT guest user access is allowed on the PDC, an
	110	.B OK
	111	message may be returned instead of
	112	.B ERR
	113	.PP
e1b65506	114	Test that entering a valid username and password results in an
06fcded4 AJ	115	.B OK
	116	message.
	117	.PP
6d5cbee6 AJ	118	Test that entering a guest username and password returns the correct
	119	response for the site's access policy.
	120	.
	121	.SH AUTHOR
	122	This program was written by
	123	.if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
	124	.PP
	125	Based on prior work by
	126	.if !'po4a'hide' .I Antonino Iannella (2000)
	127	.if !'po4a'hide' .I Andrew Tridgell (1997)
	128	.if !'po4a'hide' .I Richard Sharpe (1996)
	129	.if !'po4a'hide' .I Bill Welliver (1999)
	130	.PP
	131	This manual was written by
	132	.if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
	133	.if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
	134	.
	135	.SH COPYRIGHT
	136	This program and documentation is copyright to the authors named above.
	137	.PP
	138	Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
	139	.
	140	.SH QUESTIONS
	141	Questions on the usage of this program can be sent to the
	142	.I Squid Users mailing list
	143	.if !'po4a'hide' <squid-users@squid-cache.org>
	144	.
	145	.SH REPORTING BUGS
	146	Bug reports need to be made in English.
	147	See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
	148	.PP
	149	Report bugs or bug fixes using http://bugs.squid-cache.org/
	150	.PP
	151	Report serious security bugs to
	152	.I Squid Bugs <squid-bugs@squid-cache.org>
	153	.PP
	154	Report ideas for new improvements to the
	155	.I Squid Developers mailing list
	156	.if !'po4a'hide' <squid-dev@squid-cache.org>
	157	.
	158	.SH SEE ALSO
	159	.if !'po4a'hide' .BR squid "(8), "
	160	.if !'po4a'hide' .BR GPL "(7), "
	161	.br
	162	The Squid FAQ wiki
	163	.if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
	164	.br
	165	The Squid Configuration Manual
	166	.if !'po4a'hide' http://www.squid-cache.org/Doc/config/