Re: [squid-users] user authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 07 Nov 2001 09:12:40 +0100

Arindam Haldar wrote:

> 1) i have seen that when i use the transparent proxy feature(REDIRECT/netfilter) then auth fails !!. WHILE using browser setting its always OK-----WHY ????

Because you cannot authenticate to a proxy you are "not using".

When you are transparently intercepting port 80 traffic, the browser has
no way of knowing it is using a proxy or which proxy, and thus MUST NOT
allow proxy authentication. How is the browser supposed to tell that it
is your intercepting proxy that is asking for the users password, and
not a malicious web site? It can't and to the browser it looks like it
is a malicious web site.

> 2) users must have a tranparent way of loggin in, so is there a way/patch/anything so that users r not concerned about configuring their browser ??.. for eg some html page which redirects to squid for auth ??

For some browser version (mainly MS IE) you have WPAD
<http://www.wrec.org/Drafts/draft-ietf-wrec-wpad-01.txt>.

Can also be done by automatically configuring the browser settings in
login scripts etc.

> 3) can squid read from any other file (manually maintained) for username to check for users to allow browsing/passing ??..if so how ??.. will those users be catched with squid database ?

Squid does not care how you store the user names. It is up to you and
the auth helper you use.

The normal auth helper people use for manually maintained password files
is the ncsa_auth helper.

Regards
Henrik Nordström
Squid hacker
Received on Wed Nov 07 2001 - 01:14:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:56 MST