Re: [squid-users] Authentication Override

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sat, 05 May 2007 10:35:52 +0200

fre 2007-05-04 klockan 14:44 -0400 skrev Chris Nighswonger:

> I never have been real clear on the difference between realm and
> domain. What is it?

realm is the identification of the protection space on the server (or
possibly servers, if using Digest)

The Windows Domain is a division of users for administrative purposes,
not related to the server other than that there must at least be an
administrative trust between the administrative domain of the server and
the administrative domain of the user.

Quote from RFC2617

   The realm directive (case-insensitive) is required for all
   authentication schemes that issue a challenge. The realm value
   (case-sensitive), in combination with the canonical root URL (the
   absoluteURI for the server whose abs_path is empty; see section 5.1.2
   of [2]) of the server being accessed, defines the protection space.
   These realms allow the protected resources on a server to be
   partitioned into a set of protection spaces, each with its own
   authentication scheme and/or authorization database. The realm value
   is a string, generally assigned by the origin server, which may have
   additional semantics specific to the authentication scheme. Note that
   there may be multiple challenges with the same auth-scheme but
   different realms.

Regards
Henrik

Received on Sat May 05 2007 - 02:35:57 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:04 MDT