tis 2009-09-22 klockan 00:15 -0500 skrev Dale Mahalko:
> * doesn't require the users to remember a name and password to use
> the proxy, and does an auto-login so I can identify the user in the
> proxy access logs
>
> * uses password encryption to prevent sniffing of passwords on the network
For the above you need NTLM or kerberos.
basic auth can't fulfill any of the above two..
digest auth only fulfills the second with most browsers. Haven't seen
them allowing the proxy password to be saved in the browser.
but on the positive side the Squid digest helper do have eDirectory
integration making it possible to log in to the proxy using the same
password as in eDirectory/NDS.
> At this point I would be happy with sticking a small program in each
> user's Windows roaming profile account that loads when they login and
> does the authentication for them, whenever they try to use the proxy.
That's doable. And maybe doesn¨t even need any extra program, but it
will be done by tying the user identity to the IP of his station.
If your NDS/eDir server already keep track of who is logged on at what
client IP then all you need is to query this via an external acl,
returning the username to Squid.
> There is apparently no formal name for doing this sort of user-login
> though so I can't search for examples of anyone doing it since I don't
> know what to call it. Maybe: "Windows helper application squid
> authentication"?
Such out-of-band methods with Squid is not authentication, just
identification.
Regards
Henrik
Received on Thu Sep 24 2009 - 20:58:36 MDT
This archive was generated by hypermail 2.2.0 : Fri Sep 25 2009 - 12:00:03 MDT