We currently are still putting together our reverse proxy configuration.
We are comprised of 4 sister companies, who internally can reach each other's
private networks.
We also have customers and internal employees who need to access web
services from the internet.
Currently, we are looking to go with ldap authentication, as some companies
are on novell w/ldap directories and some are already on Active
Directory...with the plan being to eventually have everyone on AD. Current
customers are in a separate ldap directory, located in the DMZ accessing
webservers in the DMZ. Using squid as a reverse proxy, we plan on moving
those webservers to the back end network.
Our infrastructure already included 3 layers of firewalls, with 2 DMZ
zones...public/outer and private/inner.
We have gotten this far, and it works:
Webuser-->ssl-->fw-->squid-->ldap auth'd-->fw-->squid-->fw-->back end
network --> web servers.
Internal user-->ssl-->squid-->ldap auth'd-->same webservers as above.
A problem has arisen, where squid ldap authenticates via basic-auth and then
we hit a server that also wants to basic auth. Ie: Outlook Web Access uses
basic auth and the version we are on doesn't support form based
authentication. We can't upgrade and are stuck with the current version. One
http session= one basic auth. More than one is a violation and not allowed.
Squid is not a webserver, so I can't picture it using form based
authentication to the ldap directory.
Thoughts anyone?
Thanks in advance,
Chris Perreault
Received on Tue Jul 20 2004 - 06:43:38 MDT
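
The collision described in the message above, as an added example (not part of the original post and not Squid code). It assumes the reverse proxy and the back-end server both validate the same Authorization request header and that the proxy forwards that header unchanged; the account stores, realms and function names are constructed for illustration.

```python
import base64

# Constructed credential stores (assumptions): the directory the proxy checks
# and the back-end web server's own accounts.
PROXY_USERS = {"alice": "ldap-secret"}
BACKEND_USERS = {"alice": "owa-secret"}


def basic(user, password):
    """Build the value of an Authorization header for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def check_basic(headers, users, realm):
    """Validate the single Authorization header at one hop.

    Returns (True, None) on success, or (False, challenge headers) on failure.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            user, _, password = base64.b64decode(token).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            user = password = None
        if user in users and users[user] == password:
            return True, None
    return False, {"WWW-Authenticate": f'Basic realm="{realm}"'}


def request_via_reverse_proxy(headers, proxy_users=PROXY_USERS,
                              backend_users=BACKEND_USERS):
    """Proxy checks the header, then the back end checks the same header.

    Returns (status, hop that answered, response headers).
    """
    ok, challenge = check_basic(headers, proxy_users, "proxy-ldap")
    if not ok:
        return 401, "proxy", challenge
    ok, challenge = check_basic(headers, backend_users, "backend")
    if not ok:
        return 401, "backend", challenge
    return 200, "backend", {}
```

A request carries one Authorization value, so with differing passwords whichever credential the client sends is rejected by one of the two hops; the request succeeds only when both stores accept the same username and password.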