Re: Pulling up instructions for authentication

As a sidebar to this thread... perhaps the motivation for this is to provide
the client with some insructions on what to enter in response to the initial
"Username and Password Required" dialog box... (I guess that would be step 4)
below?

I have been looking at how I would go about changing the text of that box, to
include instructions.

Where is the text/code for that dialog box set? So far I have only figured out
how to change the proxy_auth_realm string in squid.conf, which changes that
portion of text displayed,but Is the entire http code for that box available
somehow to be modified???

Dave J Woolley wrote:

> > From: Espen Lyngaas [SMTP:Espen.Lyngaas@colorline.no]
> >
> > If I understand the sequence of events correctly, Squid works something
> > like this:
> > ...
> > 1) Squid receives a request for a url from a browser
> > 2) Squid's acl config hits the url as one that requires authentication
> 4) Squid authenticates
>
> And the authentication supplied with the request is not
> correct. (else go to step 5)
>
> > 3) Squid sends out the http code to bring up the dialog box in the browser
> >
> Together with a web page explaining the reason for
> not directly replying with the requested page.
>
> The user keys the authentication data into the browser.
> The browser resends the request with the authentication
> data attached.
>
> Continue from step 1.
>
> > 5) Squid gets the url
> > ...
> >
> > Is it possible to get Squid to somehow send out an html doc just after
> > step
> > 2, containing instructions on what to type into the dialog box that just
> > appeared on your screen in step 3?
> >
> It is required to do so by the HTTP standards, although most
> browsers will only show this information after three failed
> attemps or the authentication dialogue is cancelled.
>
> It cannot force a page to be displayed in the meantime.
>
> > Once you've been authenticated, the instructions page would be replaced by
> >
> > the contents of the url you requested.
> >
> When the browser re-requests with the correct authentication,
> anything displayed by the browser will be replaced by the
> returned page. Generally it is the browser's authentication prompt
> that will be replaced - I know of no browser that displays the
> underlying HTML before a failure. (Note that it is possible that
> IE5, in its, misnamed, friendly errors mode, will never display the
> original web page.)
>
> The skeleton text for the web page is in
> ..../etc/errors/ERR_CACHE_ACCESS_DENIED
>
> Note that the original challenge from the proxy should contain
> a string which will be displayed in the dialogue box by any
> competent browser, to indicate the resource to which the challenge
> applies (probably the whole proxy server in this case).
> As far as I can tell, it is the job of the external authenticator
> program to generate all this information.
>
> NB I am generalising from documentation and origin server based
> authentication; I don't use proxy authentication. It is conceivable
> that the wrong HTML is sent.
>
> Overall, squid is constrained by the protocol and your browser, and
> how the browser is configured.

--
shanna leonard
senior systems programmer
arizona health sciences library
520.626.2923