> -----Original Message-----
> From: GUIDOUX R InfoEdpEtcDep [mailto:Richard.Guidoux@socgen.com]
> Sent: Friday, June 01, 2001 7:01 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] [NTLM Authentication] use of external
> NT database
>
>
> Hello dear squid admins,
>
> I have read all the FAQs, and all documentation about NTLM
> authentication
> project (on squid.sourceforge site)
>
> Though, I have still 1 or 2 questions : (one on NTLM and the othe more
> general)
>
> 1) Possibility to use external database
>
> it seems that it is possible to have such a scheme :
>
> Client -------------------------> Proxy Squid
> NTLM Auth
>
>
> Now, for the database, where Squid checks user/password sent
> by client,
> has it to be local to Squid, or may Squid check the
> credentials after an
> external NT base (and if so, how to tell it in NTLM module ?)
It is possible, but such a module hasn't been written yet.
You can use some nthash-storage such as the smbpasswd file, or
a database of plaintext passwords.
It will be added as soon as the framework is stable enough for
Robert and I to consider moving beyond debugging.
> 2) Proxy chaining
>
> About chaining proxy, it is said in FAQ, that
> "Only one proxy cahce in a chain is allowed to "use"
> proxy-authentication
> request header. Once the header is used, it must not be
> passed on other
> proxies."
>
>
> Client --------> Proxy Squid A ----------> Proxy Squid B ------->
> Internet
>
> So it means that Client cannot authenticate to both Proxy A
> and Proxy B.
Correct.
>
> But, is it possible to have client authenticate to Proxy A,
> and proxy A
> authenticate to Proxy B ?
> If yes, how must I configure Proxy A ?
> (it should be possible after RFC 2616)
Sure, and in fact it can be done. But only using ONE user.
Username propagation has been considered but not yet implemented.
-- /kinkieReceived on Mon Jun 04 2001 - 01:04:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:27 MST