Re: [squid-users] quick question about squid proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 10 Aug 2011 12:55:36 +1200

 On Tue, 9 Aug 2011 17:45:10 -0400, Nathan Rice wrote:
> Hello all,
>
> I apologize if I missed this when I was perusing the squid
> documentation. I am looking for caching proxy with the ability to
> transparently authenticate at a remote site on behalf of users. For
> example, a user requests page X, which requires a password; the squid
> server fetches this page on behalf of the user, providing canned
> credentials when required; squid then serves this page to the user
> without requiring any password.
>
> Is this possible with squid? If so, could someone kindly point me to
> the relevant section of the documentation?
>
> Thank you,
>
> Nathan Rice

 Site credentials are normally restricted very strictly to
 browser->website communication and the proxy does not take part.

 That said, for specific site(s) you can configure an explicit
 originserver cache_peer link to the web server. Using the login= option
 to send credentials for all requests down that link.
  http://www.squid-cache.org/Doc/cofnig/cache_peer

 These are restricted to insecure Basic auth credentials in all squid.
 Latest releases extend this to include Negotiate/Kerberos auth as
 mentioned in that doc.

 NOTE that in any event the user is never actually authenticated. What
 goes down the link may in fact be multiple interleaved "users" on the
 receiving side of Squid. The only thing that type of auth validates is
 that the request came through your Squid. Be careful.

 Amos
Received on Wed Aug 10 2011 - 00:55:44 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 10 2011 - 12:00:01 MDT