[zorp] auth in gpl version

Magosányi Árpád zorp@lists.balabit.hu
Thu, 19 Feb 2004 15:46:11 +0000

A levelezőm azt hiszi, hogy Neal Hamilton a következőeket írta:
> Does the gpl version of zorp offer any authenication? I want to auth 
> against my openldap server.

Some parts of the authentication infrastructure are missing in
zorp-gpl, but you can do authentication.

The first step is to get authentication data. You can either
do it using a protocol element like http proxy auth header
or ftp username/password, or by wrapping the protocol to
ssl, and use the cert for authentication.

With http and ftp you can use the upstream proxy attributes
to figure out. With pssl, you should use a patch which
exposes the certificate string to python. I have just
yesterday posted a patch to zorp-hu. Beware that I could
not find my original patch, so I had to recreate it from heart,
and did not compile or test it yet. You will find its tested
version in the next zorp-unoff release.

The second step is to check the authentication data against
some database. You can use ldap (I did it myself also), by
using the ldap python class in the usual way.
Don't forget to install python-ldap.

GNU GPL: csak tiszta forrásból