Re: auth from parent and sibling

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 26 Jun 1999 12:09:39 +0200

Gestore Mailing List wrote:

> the trouble are about the authorization.If on th eparent cache
> i leave the acl for sibling with allow the users taha come by
> tah proxy are not asked for a password, if i sue the allow
> password for the sibling they , that use a random number to
> laod balacong, are asked two time for the password.How i can
> resolve this?? i would liek to use them in load balacing but
> the passwd must reside ont parent and asked one times only.

When using proxy authentication the client must use one proxy name only
for the whole session. The proxy auth password is cached in the client
(browser) memory using the proxy name as cache key. For every proxy used
by the client, the user will be asked for authentication.

Load distributions you can use without problem in conjunction with proxy
auth:

* DNS round robin (same proxy name, multiple IP addresses)
* L4 switching, with any distribution supported by the switch
* Division by client location, based on IP address or whatever that is
static during the whole user session.

You can't use a PAC script to perform random (or another per request
distribution) load balancing, or the end user will be asked for their
password once for each proxy the PAC script uses.

The actual autorization can be located anywhere along the request path,
but the client can (currently) only be autorized at one level.

--
Henrik Nordstrom
Spare time Squid hacker
Received on Sat Jun 26 1999 - 04:55:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:47:00 MST