Re: [squid-users] fakeauth_auth for logging on Ubuntu builds

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 22 Jul 2010 05:37:59 +0000

On Wed, 21 Jul 2010 21:21:05 -0700 (PDT), rscho
<rudi.schoebel_at_ecogen.com.au> wrote:
> We've used SquidNT 2.7 using the fakeauth_auth helper to log users
requests

"SquidNT" was an experimental development branch. I hope you mean the
Squid windows build from Acme.

> without authentication. It silently gets the user name without the
browser
> having to request the user to supply credentials, which is what we
require.
>
> We're trying to move to a Ubuntu server and none of the pre-built
binaries
> include fakeauth_auth. We'd prefer not to have to compile our own squid
> because our IT policy states we must remain compliant with Ubuntus'
apt-get
> update mechanism.
>
> To get around this we've written c & python helpers that can extract the
> username and supply "OK user=UserName" to squid, but not without the
> browser
> prompting the user for this information. Is there a way without
> fakeauth_auth to have squid or a helper silently obtain the username
from a
> users browser?
>
> Any pointers, links or examples would much appreciated.

You seem to be under a misconception about how fakeauth works.

It does not retrieve the username silently from the browser, it uses the
regular username retrieval methods and says OK for every piece of garbage
that comes back regardless of whether the response was a valid user login
or not.

The silent bit comes from browsers being able to fetch NTLM credentials
from the operating system without user approval. This should work
regardless of the Squid authenticator. It only becomes a popup when the
browser sends invalid credentials and gets challenged to supply valid ones.

I've added the old perl version called no_check.pl to the Squid FTP at
ftp://ftp.squid-cache.org/pub/squid/contrib/no_check (may take a short
while for the mirrors to pick it up).

Please make a feature-request bug to the Debian package maintainer to
include the fake helpers.

Amos
Received on Thu Jul 22 2010 - 05:38:06 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 22 2010 - 12:00:05 MDT