Re: [squid-users] Many squids one point of authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 14 Oct 2004 18:28:07 +0200 (CEST)

On Thu, 14 Oct 2004, Angela Williams wrote:

> One problem has arisen and that is the need for all my customers to
> authenticate 3 times! Any ideas as to being able to reduce this to a single
> authentication?

The problem you are seeing is that Basic proxy authentication is per
proxy. The browser won't send the same login+password to another proxy
without first asking the user.

To solve this you need to either use Digest authentication with the same
realm on all proxies (and hope the browsers handle this correctly), or use
a DNS round-robin entry to distribute the clients among the caches and
return only this DNS entry in proxy.pac. You could also set up the
proxy.pac to statically select only one of the proxies for the duration of
the session.

Regards
Henrik
Received on Thu Oct 14 2004 - 10:28:13 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:02 MST