Re: Inquiry of Transparent Proxying

From: Gene Black <>
Date: Tue, 20 Apr 1999 02:14:23 -0400

Dancer wrote:
> Gene Black wrote:
> >
> > I keep hearing this bit about not being able to authenticate doing
> > Transparent Proxying... Naturally the normal proxy authentication won't
> > work, but... it doesn't take much thought to realize that there's no
> > reason the proxy server can't do it's own little authentication deal and
> > simply redirect the first (or any needed subsequent requests) to it's
> > own private HTML login that it requires before passing the request
> > through unmolested... Does anyone know of a product that does this yet?
> Not to my knowledge.
> > Is there any work being done to add it to Squid?
> Again, the same. Care to volunteer?
> D

I could see that coming... I've thought about it some. Probably the
best way to handle authentication would be an "identify by IP, and
expire authentication after X amount of inactivity". Probably one of the
nicest sources of authentication would be RADIUS. Second would be the
passwd file. The thing is, I don't know beans about coding for RADIUS
stuff, and I've only seen code for passwd stuff (I've not actually
written any, though I did mutilate the passwd program in the Shadow
Suite for my own purposes at one point in time...). Redirection to the
login can probably be neatly implimented with a quick cludge to the
redirect feature of squid. From there you just spit out a generic
login/password form and have it feed the contents back to you CGI style.

Received on Tue Apr 20 1999 - 00:05:39 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:52 MST