Re: [squid-users] Multiple basic auths in one session

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 1 Sep 2004 18:49:09 +0200 (CEST)

On Wed, 1 Sep 2004, Chris Perreault wrote:

> I've looked through RFC 2617 trying to get a better understanding of the
> basic authentication process, and wondered if anyone on the list had a
> better way of explaining it to me. There are 407 (web server) and 401
> (proxy server) response messages generated to challenge the authorization of
> the requestor.

Yes. And in this context a reverse proxy is a web server, not a proxy.

Proxy authentication is restricted to proxies configured as proxies in the
user's browser.

> We were/are trying to limit the number of times someone has
> to log in, when using squid in accelerated mode. One of the webservers does
> basic auth against the same ldap directory the squid server will be using.

Ok.

> Furthermore, there are links on this webserver to Lotus Notes. The Notes
> userdatabase has the usernames and passwords the same as the LDAP directory.

Ok.

> Without squid, users do a basic auth to the webserver and can go to Notes
> without having to log back in. (They use an out-of-date reverse proxy which
> has site.com/webserver and site.com/notes in the mappings.)

Ok.

> We took the route of using form-based authentication, with squid via
> ldap, hoping to rewrite the headers, but it appears we can't rewrite the
> headers we need to rewrite.

You can add Basic authentication to the request via a redirector.
http://user:password@host/ will translate to basic authentication when
Squid forwards the request.

> One we'd like to rewrite is remote_user but
> it ends up creating and populating a header called http_remote_user
> instead.

There is no "remote_user" header in HTTP. This CGI variable is derived
from authentication.

If you use Basic authentication then most of this is automatic, assuming
you set up Squid in a manner similar to how the old reverse proxy was
configured, presenting all the servers as one single big server to the
users.

Regards
Henrik
Received on Wed Sep 01 2004 - 10:49:11 MDT
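
The translation from http://user:password@host/ to Basic authentication mentioned in the reply, written out as an added example that is not part of the original message and is not Squid's code. The function names and the sample URL are assumptions made for illustration; the credentials are the example pair from RFC 2617.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote

# RFC 2617 header pairs: (challenge header, credentials header) per status.
# A reverse proxy (accelerator) acts as the origin server, so it uses 401.
AUTH_HEADERS = {
    401: ("WWW-Authenticate", "Authorization"),
    407: ("Proxy-Authenticate", "Proxy-Authorization"),
}

def userinfo_to_basic(url):
    """Return (url_without_userinfo, Authorization value or None)."""
    parts = urlsplit(url)
    if parts.username is None:
        return url, None
    user = unquote(parts.username)
    password = unquote(parts.password or "")
    if ":" in user:
        raise ValueError("a Basic user-id cannot contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    host = parts.hostname or ""
    if ":" in host:            # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    clean = urlunsplit((parts.scheme, host, parts.path,
                        parts.query, parts.fragment))
    return clean, "Basic " + token.decode("ascii")

def decode_basic(value):
    """Recover (user, password): Basic is an encoding, not encryption."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

if __name__ == "__main__":
    # Constructed sample URL; the credentials are the RFC 2617 example pair.
    url = "http://Aladdin:open%20sesame@www.example.com/notes/"
    clean, value = userinfo_to_basic(url)
    print(clean)
    print(f"{AUTH_HEADERS[401][1]}: {value}")
    print(decode_basic(value))
```

Because `decode_basic` reverses the header without any key, anything that records the rewritten URL or the forwarded header holds the password in recoverable form.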
