Depends on what level you need to authenticate at. At our school, I have an
MS Proxy system authenticating users (only members of the "Internet User"
group can access the 'Net). And my MS Proxy box forwards requests to our
ISP's proxy, which provides a filtered connection. So, the authentication
is confined to my local NT/9X network.
I take it you need to autheticate at the top level??
Vince Romeo, Systems Manager
Madison Academy
vjromeo@bigfoot.com
> -----Original Message-----
> From: Dancer [mailto:dancer@zeor.simegen.com]
> Sent: Monday, March 22, 1999 2:27 AM
> To: Henrik Nordstrom
> Cc: Squid Users
> Subject: Re: In need of a solution - silly MS-proxy & proxy-auth
>
>
> Henrik Nordstrom wrote:
> >
> > Dancer wrote:
> >
> > > Now...Have I completely failed to understand proxy-authentication in a
> > > hierarchy (My understanding was that the
> credentials/challenge would be
> > > passed transparently through proxies that did not require
> > > authentication, and then 'consumed' by the first unit in the
> chain that
> > > did require it) or is MS-proxy Doing The Wrong Thing(tm)?
> >
> > MS-proxy is doing the right thing. Transparently passing the
> > authentication onwards to other proxies is an Squid extension, and
> > should be changed to require cache_peer configuration.
> >
> > >From draft-ietf-http-v11-spec-rev-06, section 13.5.1:
> > ...
> > The following HTTP/1.1 headers are hop-by-hop headers:
> > ...
> > . Proxy-Authenticate
> > . Proxy-Authorization
> >
> > ---
> > Henrik Nordstrom
> > Spare time Squid hacker
>
> Hmm. I checked further down in the spec, and it _does_ say that a proxy
> which has no proxy-auth credentials MAY forward the challenge to the
> user, and submit _their_ credentials. Squid obviously does this, and
> MS-proxy obviously doesn't. Both are correct according to that spec. It
> still means I'm screwed though :(
>
> D
>
Received on Mon Mar 22 1999 - 08:36:26 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:21 MST