[squid-users] Re: Squid Authentication in Transperent Acceleration.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 14 Nov 2003 12:11:22 +0100 (CET)

On Fri, 14 Nov 2003, Rajendra Kulkarni wrote:

> I want to authenticate users from my own authenticator-program, when Squid is deployed as Transparent proxy, in Acceleration mode.
>
> I am aware of the 401 / 407 and their limitations and also aware that this is browser's limitation, and not Squid's!!
>
> What I could think of, as a solution, is:
>
> 1) browser will send conventional (transperent) request to accelerator (i.e. to squid)
> 2) instead of the requested URL, squid will show it's own web page with a user-name / password html form
> 3) the HTML form gets submitted to squid, and it calls an External authenticator with these user-name / password
> 4) if external authenticator returns TRUE, squid allows that Source IP till the configured TTL.
>
> Is such an implementation possible using Squid?

Yes.

You will need to implement a redirector or external acl helper to Squid
having the "session" logics, and redirecting not authenticated stations to
your login page. Your login page and your helper needs to share a common
session database/registry of some kind allowing both to share a common
view of what sessions are currently active.

No modifications to Squid is required for this.

Regards
Henrik
Received on Fri Nov 14 2003 - 04:11:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:18 MST