<snip>
> It is required to do so by the HTTP standards, although most
> browsers will only show this information after three failed
> attemps or the authentication dialogue is cancelled.
>
> It cannot force a page to be displayed in the meantime.
Not in the meantime, but just before. Something like this:
(after having determined that the url requires authentication, by an
external authenticator..)
1) Squid stores the string with the requested url
2) Sends out the page with the instructions
3) Sends out the http code for the dialog box
(By this time, the browser has a auth. dialog box with the instructions
page underneath)
4) Gets the OK from the external authenticator
5) Goes out and gets the stored, initially requested url
6) Ships its contents to the browser
If the auth. fails three times, or if the user pressed Cancel, Squid would
of course replace the instructions page not with the requested url, but
with the ERR_CACHE_ACCESS_DENIED page.
As far as I can tell, this would work with a browser, but it probably
violates the protocol and might cause some problems for non-browser
applications.
> Note that the original challenge from the proxy should contain
> a string which will be displayed in the dialogue box by any
> competent browser, to indicate the resource to which the challenge
> applies (probably the whole proxy server in this case).
The average user has absolutely no idea what 'proxy' means, and although
the text could say 'Type in your userid and password', IE's dialog box
includes a field for the NT domain name as well just to complicate matters.
> As far as I can tell, it is the job of the external authenticator
> program to generate all this information.
Yes, I agree, but Squid would need to pass some information to the external
program in order for it to send the information to the correct socket.
-- Espen Lyngaas, IT Consultant, Color Group ASA Espen.Lyngaas@colorline.no Espen.Lyngaas@c2i.net http://www.colorline.no http://home.c2i.net/elyngaas Phone: +47-95063143 +47-22944315Received on Fri Oct 29 1999 - 18:46:24 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:08 MST