RE: [squid-users] How would Squid server sense authentication?

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Mon, 16 Jul 2007 16:36:40 +0200

mån 2007-07-16 klockan 09:43 -0400 skrev Vootla, Bhagwan:

> But I am instructed to AVOID putting anything on the client side. To
> avoid this, What I was trying to achieve is... Make apache as a secured
> web server and perform secured authentication against ldap server, and
> then inform squid server that no more authentication is needed for
> browsing. Not sure, if this is possible, But trying to explore the
> possible ways.

This is possible only if the user can be uniquely identified by the IP
address. You can then plug in the needed details to Squid via the
external_acl_type directive.

Using Digest authentication is another option. Reasonably secure, and
reasonable support in most browsers. Problem is on the server side where
it's not easy to integrate with existing password databases as the proxy
never sees the plain-text password..

Regards
Henrik

Received on Mon Jul 16 2007 - 08:36:52 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:03 MDT