On Tue, 9 Aug 2011 17:45:10 -0400, Nathan Rice wrote:
> Hello all,
>
> I apologize if I missed this when I was perusing the squid
> documentation. I am looking for caching proxy with the ability to
> transparently authenticate at a remote site on behalf of users. For
> example, a user requests page X, which requires a password; the squid
> server fetches this page on behalf of the user, providing canned
> credentials when required; squid then serves this page to the user
> without requiring any password.
>
> Is this possible with squid? If so, could someone kindly point me to
> the relevant section of the documentation?
>
> Thank you,
>
> Nathan Rice
Site credentials are normally restricted very strictly to
browser->website communication and the proxy does not take part.
That said, for specific site(s) you can configure an explicit
originserver cache_peer link to the web server. Using the login= option
to send credentials for all requests down that link.
http://www.squid-cache.org/Doc/cofnig/cache_peer
These are restricted to insecure Basic auth credentials in all squid.
Latest releases extend this to include Negotiate/Kerberos auth as
mentioned in that doc.
NOTE that in any event the user is never actually authenticated. What
goes down the link may in fact be multiple interleaved "users" on the
receiving side of Squid. The only thing that type of auth validates is
that the request came through your Squid. Be careful.
Amos
Received on Wed Aug 10 2011 - 00:55:44 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 10 2011 - 12:00:01 MDT