Re: [squid-users] Windows Username without authentication

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 28 Aug 2012 22:42:08 +1200

On 28/08/2012 5:42 p.m., Jarosch, Ralph wrote:
> Hi there,
>
> did anybody know some solution how i can log the windows Username without any kind of authentication?
> I search for something like...
> Oh u have an Username ok I will log it
> Or
> Oh u havenīt an username no problem I will only log your ip

username is the output of authentication. Maybe successful, maybe not
successful - but still authentication.

Without authentication nobody has usernames. If they do emit credentials
without asking that is a security leak you need to look at fixing.

  ... You can use fake authenticators that accept any type of garbage
and pull out the username given, but that still is using authentication
processes with the browser to get the details.

... You can have user identity labels using IDENT protocol and ident ACL
type. But these are user names (note the space) not usernames. You need
an ident server running on each client machine to retrieve these - Squid
does not yet pull out label details from NetBIOS exchanges AFAIK.

... You can use things like RADIUS or other pre-authenticated database
to look them up with external ACL helper based on passive details in the
request.

Amos
Received on Tue Aug 28 2012 - 10:42:16 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 28 2012 - 12:00:18 MDT