Re: [squid-users] Transparent Proxy w/ User ID's

From: [WiZKiD] <wizkid@dont-contact.us>
Date: Tue, 02 Jul 2002 22:50:50 -0400

At 06:59 PM 07/02/2002, you wrote:

>Yes, this scheme has been proposed a number of times, and implemented
>by some. Should note that it only works when your network guarantees
>each user gets his own unique IP address. If there is multiuser
>stations such as UNIX or Windows Terminal Server or NAT/Masquerade
>devices then IP based authentication schemes won't work that well.
>
>Schemes like this is greatly simplified by external_acl
><http://devel.squid-cache.org/external_acl/>. external_acl and also
>makes the helper speed less of an issue as the helper program do not
>need to be called on each and every request, plus allows the username
>to be logged in access.log..
>
>Note: external_acl is available in Squid-2.5 and later.

Yes, but here is the problem. How would I go about modifying the
USERID? The only reason I want to really implement this (and do it to
withstand a good heavy load) is to simulate the N2H2 system, which is what
the school systems here use. We all do have a single IP address associated
with each station and no NAT between the proxy & the workstations.

The Authentication system is actually has nothing to really do with the
userid given back by the redirector script. The way the CGI is made is it
will use its own password (key) system and if the key exists, or the
ID/Password pair match change the USERID for that station only, to
something else which can actually be an ACL name, which the next (linked)
redirector can use to change its security.

.. Otherwise HOW can you use Transparent Proxy system with an
authentication system? Since the Transparent Proxy disables the ability to
use the Proxy Authentication system.

Thank you.
Anthony
Received on Tue Jul 02 2002 - 20:51:00 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:00 MST