Hello,
I improved the patch for propagating the authentication made by stunnel to the "connect server" using the ident protocol (RFC 1413):
- Better implementation of the RFC 1413 protocol (error replies)
- Multi-threading of the ident server and ident admin server: they can answer multiple requests (thanks to the great code of stunnel, which permits easy generalization of code and multiplatform support)
- Servers keep connections open, which allows several requests without connecting/disconnecting each time
- Some bug fixes
This patch allows the "connect server" to just ask stunnel about the client identity using the ident protocol. No double authentication is needed (as long as you use client certificates with stunnel). It is useful when, on your "connect server" (for example Apache with mod_ident, or squid, or dansguardian), you want to:
- keep a relevant log of who connected and when
- implement profile access
Refs:
- For Apache: http://httpd.apache.org/docs/2.2/mod/mod_ident.html
- For Squid: http://www.squid-cache.org/Doc/config/ident_lookup_access/
- For Dansguardian: http://dansguardian.org/downloads/detailedinstallation2.html (see Username identification methods)
Feedback welcomed,
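
The RFC 1413 exchange a "connect server" would run against such an ident server, as an added example that is not part of the original post or of the patch: it builds the query, then parses both USERID and ERROR replies and rejects a reply whose port pair does not match the query. The function names, the sample ports and the user id `alice` are constructed for illustration, and refusing control characters in the user id is a choice made here because the value usually ends up in logs.

```python
import re

# Error tokens defined by RFC 1413; tokens starting with "X" are extensions.
ERROR_TYPES = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}
MAX_LINE = 1000  # RFC 1413 lets a client give up after 1000 chars without EOL
PORTS = re.compile(r"[ \t]*([0-9]{1,5})[ \t]*,[ \t]*([0-9]{1,5})[ \t]*")


def build_query(port_on_server: int, port_on_client: int) -> bytes:
    """Query line: the port on the ident server's host, then the port on ours."""
    for port in (port_on_server, port_on_client):
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
    return f"{port_on_server} , {port_on_client}\r\n".encode("ascii")


def parse_reply(line: bytes, port_on_server: int, port_on_client: int):
    """Return ("USERID", opsys, user_id) or ("ERROR", error_type, None)."""
    if len(line) > MAX_LINE or not line.endswith(b"\r\n"):
        raise ValueError("oversized or unterminated reply")
    # latin-1 maps bytes 1:1, so no decoding error can hide odd octets.
    fields = line[:-2].decode("latin-1").split(":", 3)
    if len(fields) < 3:
        raise ValueError("malformed reply")
    ports = PORTS.fullmatch(fields[0])
    if not ports or (int(ports[1]), int(ports[2])) != (port_on_server, port_on_client):
        raise ValueError("reply is for a different connection")
    kind = fields[1].strip(" \t")
    if kind == "ERROR" and len(fields) == 3:
        error = fields[2].strip(" \t")
        if error not in ERROR_TYPES and not error.startswith("X"):
            raise ValueError("unknown error token")
        return ("ERROR", error, None)
    if kind == "USERID" and len(fields) == 4:
        opsys = fields[2].strip(" \t")
        # Choice made in this example: drop leading blanks of the user id and
        # refuse control characters, since the value usually ends up in logs.
        user_id = fields[3].lstrip(" \t")
        if not user_id or any(ord(c) < 0x20 or ord(c) == 0x7F for c in user_id):
            raise ValueError("unsafe user id")
        return ("USERID", opsys, user_id)
    raise ValueError("malformed reply")


if __name__ == "__main__":
    # Constructed sample: the peer connected from its port 6193 to our port 23.
    print(parse_reply(b"6193, 23 : USERID : UNIX : alice\r\n", 6193, 23))
    print(parse_reply(b"6193, 23 : ERROR : NO-USER\r\n", 6193, 23))
```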