Would the smb/winbind helper be able to do what I'm asking?
Or. Could you give me a little guidance on "writing a small helper that
tells squid the password is expired".
I don't have much of an idea on what that means. ;-)
TimR
Henrik Nordstrom <[EMAIL PROTECTED]>
01/15/2004 01:24 PM
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] Authentication
On Thu, 15 Jan 2004 [EMAIL PROTECTED] wrote:
> Is there a way for me to redirect to a specific URL if the user's
password
> is "blank" ??
>
> You suggested using an external ACL to block users with an expired
> password. Here's how I'm expiring passwords, since I'm using the NCSA
> helper:
>
> When I create a user, it dumps a username, a 'tab' and an expiration
date
> to a file called "expired".
> I have an agent that runs on a regular basis that watches the expired
> file. The agent checks the file by grepping for today via a pre
formatted
> date.
> If anything returns from the grep expression, it removes the password
from
> the user's entry in the password file. A null password is assumed
> expired.
What I would suggest is to change this slightly. Instead of using that
agent which removes users from the password file, keep the users there and
instead write a small helper to Squid to verify that the user account have
not expired. Then redirect users failing this check to the change password
page.
This gives you the mechanism that when a usier logs in with an expired
account he is redirected to the change password page.
See the "external_acl_type", "acl external" and "deny_info" directives.
Regards
Henrik
