RE: SQUID authentication issues

From: Leonard Els <leonard@dont-contact.us>
Date: Tue, 17 Jun 2003 09:59:25 +0200

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Saturday, June 14, 2003 3:03 PM
To: Leonard Els; 'squid-dev@squid-cache.org'
Subject: Re: SQUID authentication issues

>> It was then when I came up with the following thought. Is it
>> possible to get squid to issue its OWN SECURE authentication web
>> FORM over SSL? This is what Novell's BorderManager product does
>> (see jpg insert).
>
>Yes, but this won't be proxy authentication.
>
>By using this method the user authorizes his IP address to use the
>proxy for a given period of time. To do this you implement a login
>form on some web server, and make the script which accepts logins
>from this form then inform Squid or your firewall that the IP address
>is not authorized to use the proxy.

I was thinking of squid serving the login form directly, and not thru a
separate web server. So if the user requests a page via squid, and the user
is not yet authenticated, then instead of squid fetching and serving that
page back to the user, squid instead serves a secure SSL login form back to
the user (i.e. squid becomes a web server for that page). On completion of
the credentials by the client, squid intercepts the form repsonse (as the
response will go back via squid) and authenticates the user details against
some authentication method (say secure LDAP or local MYSQL database). Is
this possible? This eliminates the requirement of involving another web
server and that web server then informing squid if the request is allowed.
Received on Tue Jun 17 2003 - 02:04:45 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:08 MST