RE: [SQU] Credentials forwarding?

From: Robert Collins <robert.collins@dont-contact.us>
Date: Tue, 9 Jan 2001 11:04:11 +1100

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: Tuesday, 9 January 2001 10:48 AM
> To: Chemolli Francesco (USI)
> Cc: squid-dev@squid-cache.org
> Subject: Re: [SQU] Credentials forwarding?
>
>
> Chemolli Francesco (USI) wrote:
>
> > > A better choice is perhaps to translate it to basic with a shared
> > > secret password... this has the benefit that it is a known mechanism
> > > which is well understood by servers.
> >
> > That might work. Maybe some magic in the cache_peer options (i.e.
> > login=@USER@:sharedpassword)
>
> what about login=*:password. Looks better I think ;-)
>
> Implementing it should be pretty simple. One or two lines.
>
> /Henrik
>
>

The problem is, it's vulnerable to replay attacks.

Re: implementing
Sure, as a quick hack it'll get the username to the upstream server,
which then needs to be told something like
acl foo proxy_auth PASSEDTHROUGH
so that it doesn't try to authenticate externally every usercode, and
instead trusts the downstream.

Rob
Received on Mon Jan 08 2001 - 17:07:49 MST
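
The scheme discussed in this thread (login=*:password, i.e. the client's username forwarded as Basic credentials with a shared secret in place of the password), modelled as an added example; it is not part of the original message and not Squid code. The function names and the secret value are hypothetical; the sketch shows both sides of the exchange and why the forwarded header is replayable.

```python
import base64
import hmac

# Constructed value: stands for the part after the colon in login=*:sharedpassword.
SHARED_SECRET = "sharedpassword"


def forward_credentials(client_user: str, secret: str = SHARED_SECRET) -> str:
    """Downstream proxy: keep the username, substitute the shared secret."""
    token = base64.b64encode(f"{client_user}:{secret}".encode()).decode()
    return f"Basic {token}"


def upstream_accepts(header_value: str, secret: str = SHARED_SECRET):
    """Upstream proxy: trust the username when the password is the shared
    secret. Returns the trusted username, or None if the header is rejected."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None
    # Constant-time comparison of the presented password with the secret.
    if not hmac.compare_digest(password.encode(), secret.encode()):
        return None
    return user


def is_replayable(user: str) -> bool:
    """No nonce or timestamp goes into the header, so every request for the
    same user carries byte-identical credentials."""
    return forward_credentials(user) == forward_credentials(user)
```

Since the header for a given user never changes and depends only on the shared secret, the upstream can rely on it only when it also restricts which hosts are allowed to connect as the downstream peer.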
