Article delegate-en/3348 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A3347@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: optional authentication depending on destination (Re: Help with special config)
02 Jul 2006 08:44:35 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


In message <_A3347@delegate-en.ML_> on 07/01/06(20:30:19) I wrote:
 |I think your configuration can be like this:
 |
 |  - anyone can access to a set of servers without authentication
 |  - authenticated users can access to unrestricted servers
 |
 |You can use AUTHORIZER as a local option to each MOUNT point.
 |This might sound natual when you are using DeleGate as an origin server,
 |but it is also applicable to a DeleGate acting as a proxy server.
 |In this case, MOUNT is not used for rewriting but only for access
 |control like this for example.
 |
 |  MOUNT="* = dst=!{host1,host2},AUTHORIZER=-list{user1:pass1,user2:pass2}"
 |
 |This means any accesses to arbitrary hosts (except host1 and host2) are
 |applied this MOUNT.  After this MOUNT is selected, (in the interpretation
 |of HTTP message), it option requires authentication (proxy authentcation
 |to the HTTP client in this case).
 |
 |"* =" means this MOUNT matches any URL and no rewriting is achieved.
 |"dst=!{a list of host}" means this MOUNT is applied when the destination
 |(server) host is not in the list.
 |"AUTHORIZER=-list{a list of pairs of user:pass}" means users must be
 |autorized by username and password in the list to access via this MOUNT.

I'm reminded ;) that there is another more natual way to make this
conditional authorization with an AUTHORIZER parameter as this:

  AUTHORIZER="-list{user1:pass1,user2:pass2}:*:!{host1,host2}:*"

This means that the authentication is required only when the destination
server is not host1 or host2.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ^ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V