[squid-users] squid as reverse proxy for microsoft IIS with Advanced Digest Authentication

From: mik sib <miksib2000@dont-contact.us>
Date: Fri, 20 Oct 2006 12:32:12 +0200 (CEST)

Hi all,

in my dmz i've setup a suse 10 reverse proxy with
squid and squirm.
It works well except for the web application that need
to authenticate the user against the windows 2003 AD.
The security model of this application is set to
avanced digest auth.
http://www.microsoft.com/technet/pro....mspx?mfr=true

I've setup a samba/winbind in the hope that the squid
(executing in the indicated order) will I be able to
authenticate the user

auth_param digest program /usr/sbin/digest_pw_auth
/etc/squid/users.txt
auth_param digest children 10
auth_param digest realm Squid proxy-caching web server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 25
auth_param digest check_nonce_count on

Am'i on the right way ?

Doesn anybody already use this with this kind of setup
?
I'm worry about the sentence find in the squid.conf

# WARNING: proxy_auth can't be used in a transparent
proxy. It
# collides with any authentication done by origin
servers. It may
# seem like it works at first, but it doesn't.

the msg that i get in the access.log is
<snip>
... authentication not applicable on accelerated
request

any ideas ?

thanky you very much

Mik

__________________________________________________
Do You Yahoo!?
Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio gratuito per i tuoi file e i messaggi
http://mail.yahoo.it
Received on Fri Oct 20 2006 - 04:32:19 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST