Single Sign On with squid

From: Peter Polkinghorne <>
Date: Wed, 21 Apr 1999 13:14:49 +0200


We have been looking at ways to make single sign on (in summary user
authenticates themselves once - or least as little as possible by as few
means as possible) more of a reality.

One of the areas that is of interest to us is external Web Services -
typically in our environment electronic journals - that require password
(as opposed to IP) authentication.


Squid has proxy authentication - so it is possible to authenticate people at
Squid does some header rewriting - both via redirector and the anonymiser.

So it would be nice to use proxy-auth info to derive the authorisation info
for particular sites - this could be selected by an acl type mechanism - an
external program would then take say username password pair and
return OK plus authorisation info OR ERR, in similar fashion to the proxy auth


A: presumably Squid can not do this right now?

B: would people find such a mechanism useful?

C: are there any fatal flaws in this scheme?

D: would it be easy to implement in Squid - if so might have a go myself ...?

| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
|   +44 1895 274000 x2561       UK          |
Received on Wed Apr 21 1999 - 06:22:46 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:54 MST