Re: Authentication: Time and Monetary contributions

From: Henrik Nordstrom <>
Date: Wed, 09 May 2007 20:34:49 +0200

On Wed 2007-05-09 at 13:20 -0500, Stefan Adams wrote:

> 1) IP-based timed session. Authentication is actually done via a web
> page and not using the browser's built-in authentication schemes.
> This provides a lot of flexibility. Once the user enters credentials
> into the browser and is accepted, a session is created for x amount of
> time for that IP.

Doable, but requires a web server to serve out the login forms and
process the login.

> Shut down the computer all you want, as long as the
> session hasn't timed-out, the session still exists for that PC. A
> problem exists for schools where login sessions range from 5 minutes
> to hours and the PCs are shared among dozens of users throughout the
> day. An agent could be running on the computer that would, when
> killed, send an instruction to squid to kill the open session for that
> IP.

Yes. And plugs easily into Squid via the external acl scheme.

> 2) Active Directory. The Barracuda provides an Active
> Directory-based Domain Controller Agent which runs on every PC.

That's kind of the same as the above, but skipping the login.

The ntlm_ip_cache patch discussed earlier is another alternative which
is doable with Squid alone. Using the native HTTP proxy authentication,
but caching it on the IP of the client station for some time to both
allow other applications access, and to avoid overloading the Windows
domain controllers with web traffic authentication.

Received on Wed May 09 2007 - 12:34:55 MDT
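
A sketch of the IP-based timed session from this thread as a Squid external ACL helper, added here as an example and not code from the thread or from the Squid project. The SQLite store, the file and ACL names, and the functions login, logout and check are assumptions; the login web page and the desktop agent are expected to call login and logout against the same database.

```python
# Assumed squid.conf wiring (names and paths are constructed):
#   external_acl_type ip_session ttl=30 negative_ttl=0 %SRC /usr/local/bin/ip_session.py /var/lib/squid/sessions.db
#   acl has_session external ip_session
# Squid caches each answer for ttl seconds, so a logout takes effect after at most ttl.
import sqlite3
import sys
import time

SCHEMA = "CREATE TABLE IF NOT EXISTS sessions (ip TEXT PRIMARY KEY, user TEXT, expires REAL)"

def open_store(path):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db

def login(db, ip, user, lifetime, now=None):
    """Called by the login web page after it has accepted the credentials."""
    now = time.time() if now is None else now
    db.execute("INSERT OR REPLACE INTO sessions VALUES (?, ?, ?)", (ip, user, now + lifetime))
    db.commit()

def logout(db, ip):
    """Called when the desktop agent reports that the session on that PC ended."""
    db.execute("DELETE FROM sessions WHERE ip = ?", (ip,))
    db.commit()

def check(db, line, now=None):
    """Answer one helper request line; the assumed format is %SRC (client IP)."""
    now = time.time() if now is None else now
    fields = line.split()
    if not fields:
        return "ERR"
    row = db.execute("SELECT user, expires FROM sessions WHERE ip = ?", (fields[0],)).fetchone()
    if row is None or row[1] <= now:
        return "ERR"  # no session, or it has timed out
    return "OK user=" + row[0]  # assumes user names contain no whitespace

def main():
    db = open_store(sys.argv[1] if len(sys.argv) > 1 else "sessions.db")
    for line in sys.stdin:
        print(check(db, line), flush=True)  # one unbuffered reply per request

if __name__ == "__main__":
    main()
```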
