Re: [squid-users] Accelerator with authentication user changed?

From: Henk-Jan Kloosterman <proxy@dont-contact.us>
Date: Wed, 4 Jul 2001 15:11:21 +0200

I finaly found some time to set this up, but still have some questions:

On the internet outlook.company.com points to my squid server.
On my intranet outlook.company.net points to my (intranet) web server.

squid.conf
    http_port 80
    httpd_accel_host outlook.company.net
------
This works allright.
------
Next step is to make the login to the outlook.company.net server
automatically
(I have created ,lets say, a postmaster with password passmaster for this)

If I enter from the internet:
http://postmaster:passmaster@outlook.company.com/ I can see that I am
authenticated.

So I followed you advise and added in squid.conf

squid.conf
    cache_peer outlook.company.net sibling 80 7 login=postmaster:passmaster
    cache_peer_domain outlook.company.net outlook.company.net
--------
This does not work :-(
--------
I also tried to enter:

squid.conf
    cache_peer IP sibling 80 7 login=postmaster:passmaster
    cache_peer_domain IP outlook.company.net
------
Does not work either :-(
------

What am I doing wrong?

>
> >From the current (Squid-HEAD) cache_peer documentation:
>
> use 'login=user:password' if this is a personal/workgroup
> proxy and your parent requires proxy authentication.
> Note: The string can include URL escapes (i.e. %20 for
> spaces). This also means that % must be written as %%.
>
> use 'login=PASS' if users must authenticate against
> the upstream proxy. Note: To combine this with
> proxy_auth both proxies must share the same user
> database as HTTP only allows for one proxy login.
> Also be warned that this will expose your users proxy
> password to the parent. USE WITH CAUTION
>
> use 'login=*:password' to pass the username to the
> upstream cache, but with a fixed password. This is meant
> to be used when the peer is in another administrative
> domain, but it is still needed to identify each user.
> The star can optionally be followed by some extra
> information which is added to the username. This can
> be used to identify this proxy to the peer, similar to
> the login=username:password option above.
>
>
> > Logon to the server using a static (secret) usename+password.
>
> Which can be done by the login= cache_peer option if the server is
> defined as a cache peer, or if not defined as a cache_peer by a
> redirector by adding the login information to the URL
> (http://login:password@host/...).
>
> With the cache_peer approach you also have the options discussed above
> in preserving all or part of the login information.
Received on Wed Jul 04 2001 - 07:13:56 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:00 MST