Re: Re: [squid-users] user authentication

From: Henrik Nordstrom <>
Date: Thu, 8 Nov 2001 09:18:02 +0100

On Thursday 08 November 2001 05.54, Arindam Haldar wrote:

> if I use a squid independent programme to authticate, which stores the
> current users list as plain text(only user name field), can squid use this
> file for allowing users for web ?

Yes, but the user will still have to provide a password. What you consider as
valid passwords is up to you.

If you do not wish to have the user provide a password, then investigate the
"ident" (requires a ident server on each users computer) or ntlm
authentication (requires Squid-2.5, IE browserrs, and users being logged in
to a Windows domain)

> .. if squid can then what r the fileds it
> wishes to seek in such files to let pass the user for web ?

Squid asks the program if a given username+password combination is valid.
That is all. How the program verifies the validity Squid does not care.
Shipped with Squid there is a set of such programs verifying against systems
such as PAM, NCSA style password files, LDAP, Windows domains / file servers,
NIS, and more...

> behaviour i have seen with squid pam/NCSA auth is that every instance of
> browser(IE & Netscape) needs to be autheticated--why so . ??

This depends on the browser. To Squid the browser authenticates on each and
every request. To make life easier for the user browsers caches the username
and password. The policy for how the username and password is cached in the
browser is entirely up to the browser, and not something Squid has any impact

Most browsers caches the login information for the entire lifetime of the
browser session/instance. Some browsers time out the login after inactivity.

Received on Thu Nov 08 2001 - 01:24:20 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:58 MST