RE: [SQU] Credentials forwarding?

From: Chemolli Francesco (USI) <ChemolliF@dont-contact.us>
Date: Fri, 1 Dec 2000 14:27:27 +0100

> Add a config option in cf.data.pre and structs.h
> in authenticate.c add the setting of your option to the logic that
> determines if the cache swallows the auth header...
>
> Note that this cannot work with ntlm, digest, certificate (AFAIK) or
> kerberos authentication schemes. It is RFC 2616 compliant
> (caches SHOULD
> NOT do this but MAY if it is how they co-operate).

Okay, let's change that.

First, what I'd like to do.
Suppose I have a proxy chain done like this:

child1 +
child2 +
child3 +---> parent_cache
... +
childn +

What I'd like to do is set it up so that load is split
among the caches: the child caches do credentials checking,
ACL checking and very lightweight caching. The parent cache
does just forwarding and heavyweight caching, but I'd like
to use it to log accesses, INCLUDING credentials.

A nice solution would be in having the child caches forward
a request's username, and then have maybe some shared secret
with the parent cache and a protocol extension telling it
"okay, trust me. I've already checked and this user is what
it claims to be. Just log it.".

-- 
	/kinkie
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Dec 01 2000 - 06:31:48 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:48 MST