Re: squid-2.0.RELEASE: Authentication issues [patch]

From: Bert Driehuis <bert_driehuis@dont-contact.us>
Date: Wed, 04 Nov 1998 20:09:28 +0100

Duane Wessels wrote:

> Are Henrik and I the only ones who read this list?

No, but I've been lurking since I just joined it :-)

> >> Auto-login to a server? Is this needed? Seems to me that
> >> authentication is an END-TO-END characteristic of HTTP.
> >> Having proxies insert authentication in the middle breaks that.

Well, it certainly violates the rule of least astonishment.

> >Well. It was requested. The intended use is when your organisation
> >as a whole has an account to a service, but you don't want every user in
> >your organisation to have to know the current login+password.
>
> I think it's wrong. Any other opinions?

Actually, I'm going to need this feature as well. Requirements for using
Squid in a corporate environment differ substantially from those in the
real world. Some of my patches to Internet software I never distribute,
because I'm ashamed about the solution[1]. Some, like the NT
authentication for Squid, I try to get buy-in for, because it would make
future upgrades easier on me if it were to land in the main tree (and of
course for scoring nerd points).

I do agree such features need a good hard look, since they make the code
more complex and harder to document and maintain. There recently was a row
over an external authenticator. I didn't quite follow the debate, but if
we were to define a protocol for external authentication that could be
specified instead of the built-in ACLs, we'd limit the amount of code
hacking required to make changes to authentication. FWIW, I really like
the way the redirector interface works...

Did my patches to use Samba (NT) authentication ever make it to this list?
I don't remember a public outcry over the bogosity involved :-)

For some of these issues, my preferred solution is to have the hooks in
the official Squid, so that the integration effort of maintaining private
patches is reduced. Sort of like the way Apache modules work.

Some of the things currently in Squid I wish consisted of just the hooks.
My fingers have been itching to redo the bandwidth limiting stuff, for
example, and that would've been much easier if the code defined an
internal API, rather than spreading knowledge about bandwidth limiting
across a half dozen files.

Cheers,

                                        -- Bert
[1] But anyone is welcome to my "actually working cc:Mail router" locating
software :-)

-- 
Bert Driehuis, MIS -- bert_driehuis@nl.compuware.com -- +31-20-3116119
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
                -- Benjamin Franklin.
Received on Tue Jul 29 2003 - 13:15:54 MDT
