RE: [squid-users] Transparent proxy, authenticacion, differentscenarios

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 19 Nov 2002 22:05:57 +0100

tis 2002-11-19 klockan 21.27 skrev Evelio:

> > > 1) A transparent proxy is not possible, isnīt it?
> >
> > No. The browser must be configured to use a proxy for authentication to
> > be possible.
>
> Is there any way to force the user to change the browser config ?
> Is there any way to do it "automatically"?

Semi-automatical: WPAD, if the browser has WPAD enabled. WPAD can set
the proxy configuration via DHCP or DNS.

Automatical: Via a domain logon script if your users are Windows users
logging on to your domain.

Forced: Firewall port 80, deny your users direct access. This can also
display a web page explaining to the user that they need to configure
the proxy settings in the browser and how (just use the same methods as
for transparent interception, but instead of sending the traffic to
Squid, send it to a web server).

> ok, I have change "manually" by browser conf. and now I have the
> authentication window, but
> need to use the /usr/bin/ncsa_auth program.
>
> Do I have to upgrade to Squid 2.5 from sources or can i find it in an rpm?

Most RPMs include ncsa_auth, but you should probably spend some minutes
and decide if NCSA auth is really what you want, or if you prefer to
integrate with a existing user directory such as LDAP / NT Domain /
Radius / NDS/ ....

For Squid-2.5 ncsa_auth is in libexec/. With a standard RPM install this
should be /usr/libexec/squid/

Regards
Henrik
Received on Thu Nov 21 2002 - 10:32:42 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:29 MST