RE: Pulling up instructions for authentication

From: Espen Lyngaas <>
Date: Sat, 30 Oct 1999 02:28:05 +0200

> It is required to do so by the HTTP standards, although most
> browsers will only show this information after three failed
> attemps or the authentication dialogue is cancelled.
> It cannot force a page to be displayed in the meantime.

Not in the meantime, but just before. Something like this:

(after having determined that the url requires authentication, by an
external authenticator..)

1) Squid stores the string with the requested url
2) Sends out the page with the instructions
3) Sends out the http code for the dialog box
(By this time, the browser has a auth. dialog box with the instructions
page underneath)
4) Gets the OK from the external authenticator
5) Goes out and gets the stored, initially requested url
6) Ships its contents to the browser

If the auth. fails three times, or if the user pressed Cancel, Squid would
of course replace the instructions page not with the requested url, but

As far as I can tell, this would work with a browser, but it probably
violates the protocol and might cause some problems for non-browser

> Note that the original challenge from the proxy should contain
> a string which will be displayed in the dialogue box by any
> competent browser, to indicate the resource to which the challenge
> applies (probably the whole proxy server in this case).

The average user has absolutely no idea what 'proxy' means, and although
the text could say 'Type in your userid and password', IE's dialog box
includes a field for the NT domain name as well just to complicate matters.

> As far as I can tell, it is the job of the external authenticator
> program to generate all this information.

Yes, I agree, but Squid would need to pass some information to the external
program in order for it to send the information to the correct socket.

Espen Lyngaas, IT Consultant, Color Group ASA
Phone: +47-95063143 +47-22944315
Received on Fri Oct 29 1999 - 18:46:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:08 MST