1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
$Id: README,v 1.2 2005/05/17 16:56:29 hno Exp $
README file for ip_user_check, an external helper for the
Squid external acl scheme.
It works by reading a pair composed by an ip address and an username
on STDIN and matching it against a configuration file.
The configuration for the external ACL should be:
external_acl_type type-name %SRC %LOGIN /path/to/ip_user_check -f /path/to/config.file
If the program finds a matching username/ip in the configuration file,
it returns `OK', or `ERR' otherwise.
The usage for the program is:
ip_user_check -f <configuration_file>
The configuration file format is as follows:
ip_addr[/mask] user|@group|ALL|NONE
Where ip_addr is a dotted quad format IP address, the mask
must be in dotted quad format too.
When the second parameter is prefixed with an @, the program will lookup in the
/etc/group entry for the specified username.
There are other two directives, `ALL' and `NONE', which mean "any user on this ip
address may authenticate" or "no user on this ip address may authenticate".
TODO
- Deny operator, to create `allow all but' rules
- Check for a valid user in the OS
- Accept decimal format netmasks
--
Rodrigo Campos
rodrigo@geekbunker.org
|
