[squid-users] Authentication fall through

From: Matt Richards <matt_at_mattstone.net>
Date: Fri, 23 Oct 2009 14:27:57 +0100

Hello,

I have currently got squid set up so it authenticates (against NTLM)
users and uses squidGuard to do the blocking.

At the moment if a machine is not part of the domain I get a popup box
asking for authentication.

Is it possible to try this authentication and if it fails then not
pop up a login box but either try another type of authentication or continue?

I have tried allowing everything as well as having the authentication
lines but then squid just doesn't seem to pass the username on.

What I would like ideally is have squid try the authentication and if it
succeeds then supply the login of the user to the url_rewrite_program.
If it fails then continue as normal without a login. In this case
squidGuard will redirect everything to a login page which will add
values to a database.
When they submit the login information another request will be made and
this time squid will check the database and allow the user through
depending on the IP address of the remote machine.

So squid will try NTLM again, fail this, check the database, as the user
authenticated before, see their IP in the database, get the login from
the database and use this as the authenticated user login from there on.
The user can then continue to browse as normal.
Basically like web based authentication with NTLM (AD SSO) support.

Is this possible?

I realise that it might be the browser that is asking for authentication
if it can't supply the authentication information to squid.

If this is the case, is there a helper application that attempts to
connect to the IP of the requesting machine to verify authentication?
Like Novell and BorderManager do?

Thanks for your time,

Matt.

Received on Fri Oct 23 2009 - 13:28:10 MDT
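
The database step described in the message above (look up the client IP, return the login recorded by the web login page) could be written as a Squid external ACL helper; this is an added example, not part of the original post and not code from the Squid or squidGuard projects. It assumes Squid passes the client address (%SRC) as the first field of each request line, that the helper answers "OK user=<login>" or "ERR", and a hypothetical sessions table with an expiry time, added because an address-keyed login is shared by every client behind that address and should not stay valid indefinitely.

```python
import ipaddress
import re
import sqlite3
import sys
import time

# Assumption: logins outside this character set are refused rather than
# risking a malformed reply line to Squid.
SAFE_LOGIN = re.compile(r"[A-Za-z0-9._@-]{1,64}")

def open_db(path=":memory:"):
    """Open the session store (hypothetical schema: ip, login, expires)."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS sessions ("
                 "ip TEXT PRIMARY KEY, login TEXT NOT NULL, expires REAL NOT NULL)")
    return conn

def record_login(conn, ip, login, ttl, now=None):
    """What the web login page would do after a successful login."""
    now = time.time() if now is None else now
    conn.execute("INSERT OR REPLACE INTO sessions VALUES (?, ?, ?)",
                 (str(ipaddress.ip_address(ip)), login, now + ttl))
    conn.commit()

def answer(conn, line, now=None):
    """Turn one helper request line into one helper reply line."""
    now = time.time() if now is None else now
    fields = line.split()
    try:
        ip = str(ipaddress.ip_address(fields[0]))  # reject anything not an IP
    except (IndexError, ValueError):
        return "ERR"
    row = conn.execute("SELECT login FROM sessions WHERE ip = ? AND expires > ?",
                       (ip, now)).fetchone()
    if row is None or not SAFE_LOGIN.fullmatch(row[0]):
        return "ERR"  # unknown, expired or unsafe: no identity is asserted
    return "OK user=" + row[0]

if __name__ == "__main__":
    db = open_db(sys.argv[1] if len(sys.argv) > 1 else ":memory:")
    for request in sys.stdin:          # one request per line from Squid
        sys.stdout.write(answer(db, request) + "\n")
        sys.stdout.flush()             # Squid waits for each reply
```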
