[squid-users] squid-2.6-STABLE1: Authentication Configuration Options

From: Merton Campbell Crockett <m.c.crockett@dont-contact.us>
Date: Thu, 6 Jul 2006 07:28:57 -0700

I've downloaded squid-2.6-STABLE1 but have issues with identifying
the configuration options that I need to enable based on the ./
configure --help descriptions. The problem that I'm trying to solve
involves Windows-based corporate web servers that require
authentication to access a subset of the information stored on the
server.

I have two load-balanced Squid servers at my facility. They have
been in operation for roughly 10 years. Some users will configure
their browsers, manually, to use the servers, n.b. there is no load
balancing in this instance. Others will configure their browsers to
use an automatic configuration file while others will enable the web
proxy automatic detection feature or their browsers. The last two
cases are supported by a single proxy.pac/wpad.dat configuration file.

The only restriction on using the Squid servers is that the user's
system be physically connected to the network. There is no need for
user authentication to be able to use the Squid server. In the past,
I have added exceptions to the proxy.pac file that instruct the
browser to bypass Squid for servers that use the "WWW-Authenticate:
Negotiate" headers; however, there are now servers that require
authentication for specific directories. One can add exceptions in
the proxy.pac file for the specific URL. Unfortunately, without
modifying the Windows Registry to disable proxy caching, Internet
Explorer users will continue to use Squid while all other browsers
will go directly to the server.

What configuration options are needed to provide full support the
Windows "WWW-Authenticate" methods to eliminate the 401.1 and 401.2
errors?

Merton Campbell Crockett
m.c.crockett@adelphia.net
Received on Thu Jul 06 2006 - 08:29:19 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT