Re: [squid-users] Squid - Freeradius authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 23 Jun 2003 09:00:59 +0200

On Monday 23 June 2003 05.09, Wei Ming Long wrote:

> When I use radtest command, Freeradius return Access-Accept, but
> when I use the Radius helper, it gives me error.
> I'm using Freeradius-0.8.1 & Squid-2.5Stable on RedHat Linux 8.0

Don't know.

> Transparent proxy just redirects a packet to another port on which
> Squid listens, why can't Squid quthenticates the incoming
> redirected request with the Freeradius server?

Because the browser MUST NOT accept to do authentication to a proxy
which are not known and not supposed to be there. If it did then
there would be a gaping security hole in the browser.

Just consider the case when there is no interception proxy set up to
hijack the browsers connections to origin servers, or how the browser
is supposed to know which proxy it is authenticating to when for all
the browser knows it is talking to the origin server..

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Jun 23 2003 - 01:01:52 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:35 MST