Hi There.
Please forgive the waffle.
We have an authenticated Squid proxy passing through to ATHENS
Authentication. http://www.athens.ac.uk. This works superbly well, and
is basically so our off campus users can use IP restricted resources.
Details of exactly what we are doing are available at
http://libweb.apu.ac.uk/authen/proxy.htm (you should get the picture)
It's a fairly basic Username / Password Authentication setup fired by a
.pac file the users setup in their browser.
As with all things they move on. Maintaining a 12,000 user name space
requires a fair bit of admin. Maintaining 2 is just a waste of time, and
is exactly what we are doing at the moment. Add in "Students" to the mix
and you see the problem.
Solution: Junk the ATHENS auth in favour of a Devolved authentication
method. Use a Local name space (In this case our Library Login using
Aleph 500) with Devolved ATHENS via a session cookie based system and we
have an interesting mix. This is where we are going for all our ATHENS
authenticated resources.
What I need to know is:
1) Could this session cookie based auth possibly work with squid. I'm
100% open to suggestions.
2) I'd also like to avoid the User Config of the .pac file URL - maybe
auto send it as required - can this be done ?
3) Could a small java app push everything through the proxy after they
are authenticated and identified as being off campus? Maybe sent from
the squid server, maybe a.n.other web server. This could also help
eliminate a further set of issues relating to Citrix ICA stuff.
4) Am I totally barmy for even attempting this in the first place ?
Your help is very much appreciated.
-- Alex Collins. Library Systems and Support Officer. Rivermead Library. Tel:01245 493131 X3722 Fax: X3145 a.collins@apu.ac.uk http://libweb.apu.ac.uk This message has been ROT-13 Encrypted twice for Extra Security !Received on Wed Nov 12 2003 - 15:53:54 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:15 MST