Support multiple user authentication about cow HOT 21 CLOSED

The problem it seems has to do with the memory, when there is little memory left on VPSes with no swap.

from cow.

You can specify multiple listen addresses, like the following:

listen = 127.0.0.1:7777, 127.0.0.1:8888

cow now supports only one user password pair.

I don't know why you need different ports for different users. Why not just use a single port and then specify multiple user and password pairs? For ease of network traffic statistics?

For the memory issue, are you running cow on OpenVZ?

from cow.

Yes Yufei. I use multiple ports so that I can use iptables to monitor and calculate users' data transfer.
It's an aliyun 512 ram. Not sure what virtualization is used. Maybe I have run too many instances. I was to test out if the idea works.

from cow.

I'm not sure whether cow is ready to serve thousands of uses simultaneously. I've only used it in environment with around 10 users by myself, and haven't run any stress test.

Please try your idea first. If it works, I will consider to add these features. Extending config file syntax will have long term impact so I don't want to rush into it.

from cow.

Thanks:-) I do not have many simultaneous users either. The problem is that I have to open a port for a user even when he is not using it. For example I need open 1000 ports:-) but only less than 10 people are actually connecting at the same time.
privoxy supports listening to multiple ports but it lacks authentication. I really think it's a useful feature.

from cow.

You may check if this can be done with squid. It has more authentication options.

from cow.

squid supports multiple ports, but it lacks the core feature cow has. I can link the two though, not sure if that will have any issues.

from cow.

Make cow as a parent proxy of squid should work.

With squid and a list of blocked sites (ip or domain name), I think squid can be configured to use parent proxy only for blocked sites by using ACLs.

from cow.

Yes Yufei,

That's what I am thinking too. Just noticed squid also supports mysql authentication, which is great.

I think cow can extend its authentication, like reading a separate file containing username:password pairs. In this way, we can simply dynamically update that file. No need to restart cow for newly added user:pass pair.

To summarize, i would like cow to add two features:

1. multiple ports. No need to change the current scheme. Just do this:

listen = 127.0.0.1:8080
listen = 127.0.0.1:8081
listen = 127.0.0.1:8082

1. Read an authentication table file (user:pass) by adding a parameter:

authTable=/root/.cow/users.txt

Then I would not need squid. Had bad experiences with squid before.

Dallas

from cow.

Repeat listen directive is easy to add.

Use a separate user password file is good, but you can not limit which port each user uses, is this you want?

from cow.

Not exactly, but better than no authentication if this is a lot easier

but! Instead of using separate username:password file, use a separate file that contains "port:user:pass" would be awesome, making cow different from squid and other proxies even more.

All in all we need a separate auth file as we can dynamically edit that file and do not need to edit cow config file when adding or deleting user:pass pairs.

from cow.

I suggest the following syntax in the authenticate file:

user:name[:port]

where port is optional. If port is present, the user must connect from that port. But you need to ensure the port is specified in listen directive.

I can implement this when I have time.

from cow.

Yes! Yes! Will look forward to this!

from cow.

Multi user authentication support has been added in the develop branch. See sample config for the added configuration syntax.

Note I'm still working on option reloading (it's tricky), so update password file will not have effect until you restart COW. But you can first try if this feature is working as expected. Tell me which platform binary do you need if you can't compile one by yourself.

from cow.

Thank you so much Yufei. This was quick. The reloading is no big deal if it's too difficult. I will need to reload cow when I add a new port anyway.
Can you create me binaries for debian (both 64 and 32 bit)?

from cow.

The binaries are uploaded to http://dl.chenyufei.info/cow, download the files that start with "testing".

I'll investigate solutions to support sever live update in Go to provide reload function. This will take some time.

from cow.

Thank you very much for you hard work. Will try this this weekend.

from cow.

Hi Yufei,

I tried this feature and it works well. Two things:

A minor bug: the last line of the username:password file won't be effective if it's not ended with a \n .

user1:pass1:7777
user2:pass2:7778

If "user2:pass2:7778" doesn't end with \n, then port 7778 will have no authentication.

Thank you so much!
If there is any social events you go to , let me know. Maybe we can meet someday and say thank you to you:-)

Dallas

from cow.

I've been a little busy these days so didn't reply soon.

For the last line problem, I made some test and didn't see the problem.

If you start cow with -debug option, it will show all the available users. Please have a check, the last user should appear in the debug message.

from cow.

Thanks Yufei. Will try now

2013/6/26 Chen Yufei [email protected]

I've been a little busy these days so didn't reply soon.

For the last line problem, I made some test and didn't see the problem.

If you start cow with -debug option, it will show all the available
users. Please have a check, the last user should appear in the debug
message.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/48#issuecomment-20049172
.

Yifan Zhao & Shouguang Cao (Dallas)
ProZ.com contest winner and ProZ.com certified pro.
http://dallascao.com/

Phone: +86 186 6265 3731
Fax: +86 512 8884 2566

Time +8
16-1-302 Feicuiwan, Gucheng Rd., Kunshan, Jiangsu Province, China 215300

from cow.

Indeed, it works OK. False Alarm

2013/6/26 Dallas Cao [email protected]

Thanks Yufei. Will try now

2013/6/26 Chen Yufei [email protected]

I've been a little busy these days so didn't reply soon.

For the last line problem, I made some test and didn't see the problem.

If you start cow with -debug option, it will show all the available
users. Please have a check, the last user should appear in the debug
message.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/48#issuecomment-20049172
.

---

Yifan Zhao & Shouguang Cao (Dallas)
ProZ.com contest winner and ProZ.com certified pro.
http://dallascao.com/

Phone: +86 186 6265 3731
Fax: +86 512 8884 2566

Time +8
16-1-302 Feicuiwan, Gucheng Rd., Kunshan, Jiangsu Province, China 215300

Yifan Zhao & Shouguang Cao (Dallas)
ProZ.com contest winner and ProZ.com certified pro.
http://dallascao.com/

Phone: +86 186 6265 3731
Fax: +86 512 8884 2566

Time +8
16-1-302 Feicuiwan, Gucheng Rd., Kunshan, Jiangsu Province, China 215300

from cow.