[squid-users] Windows auto-login helper application?

From: Dale Mahalko <dmahalko_at_gmail.com>
Date: Tue, 22 Sep 2009 00:15:43 -0500

I need some help with setting up a fairly secure, easy to use method
of authenticating users of Windows XP with squid, that:

 * doesn't require the users to remember a name and password to use
the proxy, and does an auto-login so I can identify the user in the
proxy access logs

 * uses password encryption to prevent sniffing of passwords on the network

It does not look like NTLM authentication will work because apparently
that requires Windows to be joined to a domain before Windows will use
that method. None of the computers are in a domain, and they can't be
since this is a Novell network.

For the life o' me, I cannot figure out how to get the LDAP-auth to
connect to do a Novell eDir/NDS LDAP user lookup. Most searched
discussions regarding this are incomplete, usually ending with someone
saying "Oh I figured it out myself" and they never post what they did.
I know our LDAP server works since I can login to it using a generic
LDAP browser.

,

At this point I would be happy with sticking a small program in each
user's Windows roaming profile account that loads when they login and
does the authentication for them, whenever they try to use the proxy.

There is apparently no formal name for doing this sort of user-login
though so I can't search for examples of anyone doing it since I don't
know what to call it. Maybe: "Windows helper application squid
authentication"?

,

Actually this is how Novell's aging BorderManager proxy does it, using
a program called the Client Trust that sits in the taskbar and talks
to the proxy to authorize the user. It interfaces with the Novell
client to get the user's credentials.

I am not expecting or looking for anything this extravagant that also
can talk to the Novell Client. I would be fine with a
taskbar/background helper that just uses a simple hashed config file
in the user's account to authenticate them with squid.

(BorderManager is being retired by Novell next year and so I can't
expect or rely on the Client Trust authenticator to continue to be
available. And besides it is made only for BorderManager, and doesn't
work with other proxies like squid..)

,

Dale Mahalko
Received on Tue Sep 22 2009 - 05:15:51 MDT

This archive was generated by hypermail 2.2.0 : Fri Sep 25 2009 - 12:00:03 MDT