Hi Alex,
There maybe another approach to allow people access to
your resticted IP resources. It is great for people on
Company networks behind proxy firewalls or ISP that
require them to use their proxies.
EZproxy
http://www.usefulutilities.com/
University Researchers who are located on our Hospital
Network access restricted IP University Library
Services. The University Library runs EZproxy.
I know this doesn't answer your questions but I
thought
I would mention it just incase you did not know about
this product.
Kind Regards
Jeff Smith
> --- Alex Collins <a.collins@apu.ac.uk> wrote:
>
> > Hi There.
> >
> > Please forgive the waffle.
> >
> > We have an authenticated Squid proxy passing
> through
> > to ATHENS
> > Authentication. http://www.athens.ac.uk. This
> works
> > superbly well, and
> > is basically so our off campus users can use IP
> > restricted resources.
> >
> > Details of exactly what we are doing are available
> > at
> > http://libweb.apu.ac.uk/authen/proxy.htm (you
> should
> > get the picture)
> > It's a fairly basic Username / Password
> > Authentication setup fired by a
> > .pac file the users setup in their browser.
> >
> > As with all things they move on. Maintaining a
> > 12,000 user name space
> > requires a fair bit of admin. Maintaining 2 is
> just
> > a waste of time, and
> > is exactly what we are doing at the moment. Add in
> > "Students" to the mix
> > and you see the problem.
> >
> > Solution: Junk the ATHENS auth in favour of a
> > Devolved authentication
> > method. Use a Local name space (In this case our
> > Library Login using
> > Aleph 500) with Devolved ATHENS via a session
> cookie
> > based system and we
> > have an interesting mix. This is where we are
> going
> > for all our ATHENS
> > authenticated resources.
> >
> > What I need to know is:
> > 1) Could this session cookie based auth possibly
> > work with squid. I'm
> > 100% open to suggestions.
> > 2) I'd also like to avoid the User Config of the
> > .pac file URL - maybe
> > auto send it as required - can this be done ?
> > 3) Could a small java app push everything through
> > the proxy after they
> > are authenticated and identified as being off
> > campus? Maybe sent from
> > the squid server, maybe a.n.other web server. This
> > could also help
> > eliminate a further set of issues relating to
> Citrix
> > ICA stuff.
> > 4) Am I totally barmy for even attempting this in
> > the first place ?
> >
> > Your help is very much appreciated.
> > --
> > Alex Collins. Library Systems and
> Support
> > Officer.
> > Rivermead Library. Tel:01245 493131 X3722
> Fax:
> > X3145
> > a.collins@apu.ac.uk http://libweb.apu.ac.uk
> > This message has been ROT-13 Encrypted twice for
> > Extra Security !
>
>
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
>
__________________________________
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
http://antispam.yahoo.com/whatsnewfree
Received on Thu Nov 13 2003 - 05:25:56 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:17 MST