Re: [squid-users] Reverse proxy with LDAP authentication

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Fri, 19 Sep 2008 23:30:54 +0200

On fre, 2008-09-19 at 13:04 -0700, Andrew Struiksma wrote:
> We have a company intranet server running Apache2 on Debian 4.
> Currently it is only available on our LAN. We would like to make it
> available outside our LAN. However, we want users to have to
> authenticate against our Active Directory when they are coming from
> the outside. Once they have authenticated, they should have full
> access to the internal website. Is this something that Squid can do?

Yes, with some limitations.

The limitation is that there is only one authentication slot in HTTP, so
if the web server also uses HTTP authentication then it needs to use the
exact same authentication (basic authentication to the same password
backend), or you need to set up a special authentication peering between
the two (see the login= cache_peer option).

Note: If the web server is only using cookie based forms authentication
then there is nothing to worry about.

Regards
Henrik
Received on Fri Sep 19 2008 - 21:31:00 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 26 2008 - 12:00:03 MDT