RE: [squid-users] Reverse proxy with LDAP authentication

> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik_at_henriknordstrom.net]
> Sent: Friday, September 19, 2008 2:31 PM
> To: Andrew Struiksma
> Cc: 'squid-users_at_squid-cache.org'
> Subject: Re: [squid-users] Reverse proxy with LDAP authentication
>
> On fre, 2008-09-19 at 13:04 -0700, Andrew Struiksma wrote:
> > We have a company intranet server running Apache2 on Debian 4.
> > Currently it is only available on our LAN. We would like to make it
> > available outside our LAN. However, we want users to have to
> > authenticate against our Active Directory when they are coming from
> > the outside. Once they have authenticated, they should have full
> > access to the internal website. Is this something that Squid can do?
>
> Yes, with some limitations.
>
> The limitation is that there is only one authentication slot
> in HTTP, so if the web server also uses HTTP authentication
> then it needs to use the exact same authentication (basic
> authentication to the same password backend), or you need to
> set up a special authentication peering between the two (see
> the login= cache_peer option).
>
>
> Note: If the web server is only using cookie based forms
> authentication then there is nothing to worry about.

The main website used form based cookie authentication but can also use HTTP authentication. Is there a sample squid.conf on how to perform the reverse proxy + AD authentication?

Thanks for the info.

Andrew
Received on Mon Sep 22 2008 - 15:14:12 MDT