Re: [squid-users] Authentication forwarding

From: Robert Collins <robert.collins@dont-contact.us>
Date: 16 Aug 2001 09:10:18 +1000

On 15 Aug 2001 08:28:02 -0700, Eric Wallace wrote:
> Thanks, but that's not quite what I'm looking for. I'd try a trick with specified cache peers, but I need the users' authentication information passed on to the web servers for personalized content, etc.
>
> Our proxy servers and our intranet web servers all authenticate off of the same LDAP servers. Since the users are already authenticated by the proxy for their web browsing sessions, we have our iPlanet Proxy Server (gasp!) forward the authentication (full username and password) to the internal webservers so the users are not asked for their password every time they hit an internal site. I want to replace the Netscape proxies with Squid for so many reasons, but first I must find a way to do the authentication forwarding to avoid all the fuss from the users.

Right, and thats what login=PASS (*) as an option on a cache_peer (which
you can use in acceleration mode) does. See squid.conf.default.

This may bea squid 2.5 feature only - I'm not sure.

Rob

> Eric W. Wallace
> Sr. Applications Engineer
> National Semiconductor/Maine
>
>
>
>
>
> robert.collins@itdomain.com.au on 08/14/2001 10:39:00 PM
> To: Eric Wallace/Americas/NSC@NSC
> cc: squid-users@squid-cache.org@Internet
>
> Subject: Re: [squid-users] Authentication forwarding
>
> On 14 Aug 2001 15:40:20 -0700, Eric Wallace wrote:
> > I'd like to have Squid forward the user's authentication (which was already accepted by Squid) on to our internal web servers which use the same authentication database. That is, client authentication forwarding only for matching URLs.
> >
> > I'm guessing from the docs and from this post ( http://list.cineca.it/cgi-bin/wa?A2=ind0009&L=squid&P=R44064 ) that such a feature is not available yet. Any suggestions?
>
> Squid can do this for cache peers, with login=PASS. I'm not sure what happens in acceleration mode if you define a peer for the accelerated server, but thats what I'd sugegst trying.
>
> Rob
>
Received on Wed Aug 15 2001 - 17:10:02 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:40 MST