Re: [squid-users] Accelerator with authentication user changed?

From: Henk-Jan Kloosterman <proxy@dont-contact.us>
Date: Wed, 20 Jun 2001 22:36:46 +0200

I have been thinking about this subject the past days a lot,
 and would ask your opinion on a (theoratical) solution:

Could it be possible to allow a users access to a https (SSL "accelarator"),
after authentication ( with proxy_auth)

And as soon as the "SSL" link is there, then let them login to the other
host/domain?
In this case there would be only one server in the (https) path? Or am I
wrong?

(I know I would need 2.5 for this)

> I think you have discovered wby this is a hidden define.
>
> The user can only log on to one server per host/domain name. If there is
> two servers in the path only one of them can be performing
> authentication.
>
> Note: acceleration and proxying is very different things wrt
> authentication.
>
> Note2: You cannot perform authentication in a transparent proxy. Not
> technically possible.
>
> --
> Henrik Nordstrom
> Henk-Jan Kloosterman wrote:
> >
> > I use the http accelartor with user authentication (compiled
> > with -DAUTH_ON_ACCELERATION).
> >
> > The user logs on and can access the (intranet) hosts that he needs.
> >
> > But these hosts systems start some asp's (from MS-Outlook Web Access)
That
> > require the user to login to the application.
> > As soon as the user does that I can see in the access.log that also the
> > squid username is changed! So the user then needs to relogon to squid,
> > but the the application sees that a wrong user name. Does goes on for
some
> > time, untill all there are no more ASP's on the wbserver started.
Received on Wed Jun 20 2001 - 14:38:50 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:48 MST