]>
Commit | Line | Data |
---|---|---|
06fcded4 | 1 | .if !'po4a'hide' .TH basic_sspi_auth.exe 8 |
6d5cbee6 AJ |
2 | . |
3 | .SH NAME | |
d632afde | 4 | basic_sspi_auth.exe \- Basic authentication protocol |
6d5cbee6 AJ |
5 | .PP |
6 | Version 2.0 | |
7 | . | |
8 | .SH SYNOPSIS | |
06fcded4 | 9 | .if !'po4a'hide' .B basic_sspi_auth.exe |
6d5cbee6 AJ |
10 | .if !'po4a'hide' .B "[\-d] [\-A " |
11 | Group Name | |
12 | .if !'po4a'hide' .B "] [\-D " | |
13 | Group Name | |
14 | .if !'po4a'hide' .B "] [\-O " | |
15 | Default Domain | |
16 | .if !'po4a'hide' .B "]" | |
17 | . | |
18 | .SH DESCRIPTION | |
06fcded4 | 19 | .B basic_sspi_auth.exe |
6d5cbee6 AJ |
20 | is a simple authentication module for the Squid proxy server running on Windows NT |
21 | to authenticate users on an NT domain in native WIN32 mode. | |
22 | . | |
23 | .PP | |
24 | Usage is simple. It accepts a username and password on standard input | |
10228f68 AJ |
25 | and will return |
26 | .B OK | |
27 | if the username/password is valid for the domain/machine, or | |
28 | .B ERR | |
29 | if there was some problem. It is possible to authenticate against NT trusted domains specifying the username | |
6d5cbee6 AJ |
30 | in the domain\\username Microsoft notation. |
31 | . | |
32 | .SH OPTIONS | |
06fcded4 | 33 | .if !'po4a'hide' .TP 12 |
6d5cbee6 AJ |
34 | .if !'po4a'hide' .B \-A |
35 | A Windows Local Group name allowed to authenticate. | |
06fcded4 AJ |
36 | . |
37 | .if !'po4a'hide' .TP | |
38 | .if !'po4a'hide' .B \-d | |
39 | Write debug info to stderr. | |
40 | . | |
41 | .if !'po4a'hide' .TP | |
6d5cbee6 AJ |
42 | .if !'po4a'hide' .B \-D |
43 | A Windows Local Group name not allowed to authenticate. | |
06fcded4 AJ |
44 | . |
45 | .if !'po4a'hide' .TP | |
6d5cbee6 AJ |
46 | .if !'po4a'hide' .B \-O |
47 | The default Domain against to authenticate. | |
48 | . | |
e1b65506 AJ |
49 | .SH CONFIGURATION |
50 | .PP | |
6d5cbee6 | 51 | Users that are allowed to access the web proxy must have the Windows NT |
e1b65506 AJ |
52 | User Rights |
53 | .I "\"logon from the network\"" | |
54 | and must be included in the NT LOCAL User Groups specified in the Authenticator's command line. | |
6d5cbee6 AJ |
55 | .PP |
56 | This can be accomplished creating a local user group on the NT machine, grant the privilege, | |
57 | and adding users to it. | |
58 | . | |
59 | .PP | |
60 | You will need to set the following line in | |
61 | .B squid.conf | |
62 | to enable the authenticator: | |
63 | .if !'po4a'hide' .RS | |
06fcded4 | 64 | .if !'po4a'hide' .B auth_param basic program c:/squid/libexec/basic_sspi_auth.exe [options] |
6d5cbee6 AJ |
65 | .if !'po4a'hide' .RE |
66 | . | |
67 | .PP | |
68 | You will need to set the following lines in | |
69 | .B squid.conf | |
06fcded4 | 70 | to enable authentication for your access list: |
6d5cbee6 | 71 | .if !'po4a'hide' .RS |
06fcded4 AJ |
72 | .if !'po4a'hide' .B acl aclName proxy_auth REQUIRED |
73 | .if !'po4a'hide' .br | |
74 | .if !'po4a'hide' .B http_access allow aclName | |
6d5cbee6 AJ |
75 | .if !'po4a'hide' .RE |
76 | . | |
77 | .PP | |
78 | You will need to specify the absolute path to | |
06fcded4 | 79 | .B basic_sspi_auth.exe |
6d5cbee6 AJ |
80 | in the |
81 | .B "auth_param basic program" | |
82 | directive. | |
83 | . | |
84 | .SH TESTING | |
85 | .PP | |
86 | I strongly urge that | |
06fcded4 | 87 | .B basic_sspi_auth.exe |
6d5cbee6 AJ |
88 | is tested prior to being used in a |
89 | production environment. It may behave differently on different platforms. | |
90 | To test it, run it from the command line. Enter username and password | |
91 | pairs separated by a space. Press ENTER to get an OK or ERR message. | |
92 | Make sure pressing | |
93 | .B CTRL-D | |
94 | behaves the same as a carriage return. | |
95 | Make sure pressing | |
96 | .B CTRL-C | |
97 | aborts the program. | |
98 | .PP | |
06fcded4 AJ |
99 | Test that entering no details does not result in an |
100 | .B OK | |
101 | or | |
102 | .B ERR | |
103 | message. | |
104 | .PP | |
105 | Test that entering an invalid username and password results in an | |
106 | .B ERR | |
107 | message. | |
108 | .PP | |
109 | Note that if NT guest user access is allowed on the PDC, an | |
110 | .B OK | |
111 | message may be returned instead of | |
112 | .B ERR | |
113 | .PP | |
e1b65506 | 114 | Test that entering a valid username and password results in an |
06fcded4 AJ |
115 | .B OK |
116 | message. | |
117 | .PP | |
6d5cbee6 AJ |
118 | Test that entering a guest username and password returns the correct |
119 | response for the site's access policy. | |
120 | . | |
121 | .SH AUTHOR | |
122 | This program was written by | |
123 | .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it> | |
124 | .PP | |
125 | Based on prior work by | |
126 | .if !'po4a'hide' .I Antonino Iannella (2000) | |
127 | .if !'po4a'hide' .I Andrew Tridgell (1997) | |
128 | .if !'po4a'hide' .I Richard Sharpe (1996) | |
129 | .if !'po4a'hide' .I Bill Welliver (1999) | |
130 | .PP | |
131 | This manual was written by | |
132 | .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it> | |
133 | .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org> | |
134 | . | |
135 | .SH COPYRIGHT | |
5b95b903 | 136 | .PP |
5b74111a | 137 | * Copyright (C) 1996-2018 The Squid Software Foundation and contributors |
5b95b903 AJ |
138 | * |
139 | * Squid software is distributed under GPLv2+ license and includes | |
140 | * contributions from numerous individuals and organizations. | |
141 | * Please see the COPYING and CONTRIBUTORS files for details. | |
142 | .PP | |
6d5cbee6 AJ |
143 | This program and documentation is copyright to the authors named above. |
144 | .PP | |
145 | Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+). | |
146 | . | |
147 | .SH QUESTIONS | |
148 | Questions on the usage of this program can be sent to the | |
149 | .I Squid Users mailing list | |
8311b837 | 150 | .if !'po4a'hide' <squid-users@lists.squid-cache.org> |
6d5cbee6 AJ |
151 | . |
152 | .SH REPORTING BUGS | |
153 | Bug reports need to be made in English. | |
154 | See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. | |
155 | .PP | |
156 | Report bugs or bug fixes using http://bugs.squid-cache.org/ | |
157 | .PP | |
158 | Report serious security bugs to | |
8311b837 | 159 | .I Squid Bugs <squid-bugs@lists.squid-cache.org> |
6d5cbee6 AJ |
160 | .PP |
161 | Report ideas for new improvements to the | |
162 | .I Squid Developers mailing list | |
8311b837 | 163 | .if !'po4a'hide' <squid-dev@lists.squid-cache.org> |
6d5cbee6 AJ |
164 | . |
165 | .SH SEE ALSO | |
166 | .if !'po4a'hide' .BR squid "(8), " | |
167 | .if !'po4a'hide' .BR GPL "(7), " | |
168 | .br | |
169 | The Squid FAQ wiki | |
170 | .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq | |
171 | .br | |
172 | The Squid Configuration Manual | |
173 | .if !'po4a'hide' http://www.squid-cache.org/Doc/config/ |