On Tue, 2003-10-07 at 20:19, Wilshire, Andrew wrote:
> I've tried re-ordering my http_access statements on the parent (see snip of
> squid.conf below) to allow the child cache before the proxy_auth acl,
> however then the usernames don't show up in the log :(. I've tried running
> fakeauth_auth from the command line, but either I don't know the syntax or
> it's broken becuase I never seem to be able to get it to return an error
> code. I'm kinda hoping it just goes "OK" with any syntax, as that's exactly
> what I'm looking for (hence if this is the case my IE session should stop
> prompting for password!)
You can't daisy chain NTLM authentication - it's incompatible with the
session based nature of NTLM.
What you can do is use the *:secret approach in your peer definition, to
have the child proxy log into the parent with the username and a known
secret. Then you'll have the username in the parent. The downside?
you'll probably need to disable all non child access to the parent.
Cheers,
Rob
-- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:25 MST