Re: [squid-users] Logging username at parent cache using ntlm_auth

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 24 Sep 2003 02:46:37 +0200 (CEST)

On Wed, 24 Sep 2003, Wilshire, Andrew wrote:

> When I look inside access.log on the PARENT (2nd tier) cache of the
> first-tier cache I see
>
> 1064290276.165 4844 eee.fff.ggg.hhh TCP_MISS/200 10100 GET
> http://www.nzherald.co.nz/pics/ACFNAA.Taimy.JPG -
> FIRST_UP_PARENT/3rdtiercache.fqdn.co.nz image/jpeg
>
> What I need to accomplish is to get the domain/username passed through to
> the PARENT cache so that I may use a filtering product on our 2nd tier
> proxy.

Then you need to set up a system where "faked" logins are used to the 2nd
tier proxy. You can set up the first proxy to log in with the same
username but a static password. See the login= cache_peer option.

This also requires reconfiguring the parent proxy to require basic
authentication and know about the static password assigned to the first
proxy.

> Do I need to recompile Squid on the 2nd tier cache with ntlm_auth support?

Won't help. You can't proxy ntlm_auth due to the nature of NTLM.

Regards
Henrik
Received on Tue Sep 23 2003 - 18:46:49 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:00 MST