On Fri, 14 Nov 2003, Rajendra Kulkarni wrote:
> I want to authenticate users from my own authenticator-program, when Squid is deployed as Transparent proxy, in Acceleration mode.
>
> I am aware of the 401 / 407 and their limitations and also aware that this is browser's limitation, and not Squid's!!
>
> What I could think of, as a solution, is:
>
> 1) browser will send conventional (transperent) request to accelerator (i.e. to squid)
> 2) instead of the requested URL, squid will show it's own web page with a user-name / password html form
> 3) the HTML form gets submitted to squid, and it calls an External authenticator with these user-name / password
> 4) if external authenticator returns TRUE, squid allows that Source IP till the configured TTL.
>
> Is such an implementation possible using Squid?
Yes.
You will need to implement a redirector or external acl helper to Squid
having the "session" logics, and redirecting not authenticated stations to
your login page. Your login page and your helper needs to share a common
session database/registry of some kind allowing both to share a common
view of what sessions are currently active.
No modifications to Squid is required for this.
Regards
Henrik
Received on Fri Nov 14 2003 - 04:11:33 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:18 MST