Squid understands the URL syntax
http://user:password@server/path/to/file
and will automatically translate into a Basic HTTP authentication when
forwarding the request to a origin server.
What this means is that you can easily use a redirector helper to add
login information to forwarded requests.
What is missing from your proposed approach is the "session" concept
unless you are using some kind of authentication at Squid. What
defines a "user", and how to connect this with "what login+password
to use for this site"?
Blindly forwarding authentication of one site to another is not wise
from a security point of view. Such forwarding should only be done if
explicitly enabled for the sites in question.
If using Squid as an accelerator infront of your servers then a
number of other possibilities are available and quite nice things can
be done. See for example our eMARA product line.
Regards
Henrik
On Tuesday 03 September 2002 12.37, fathi.engineer@gnet.tn wrote:
> What I want is: once and only once one site have requested
> user to authenticate himself, squid will request the
> username/password to the user (as ususal), store them in a
> secure way and each time the user goes to another web site,
> squid will use this credentilas to authenticate him against
> this new site, without requesting the user to enter his
> credential again.
> So mainly, can squid act as such a single singon server/proxy
> and authenticate to certain web servers on behalf of the
> user ?
> If so, does apache need to be configured to request basic or
> digest authentication ?
> I think if this is possible with apache, it could be also
> possible with any other httpd like tomcat or others.
Received on Tue Sep 03 2002 - 05:28:09 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:02 MST