Re: [squid-users] Transparent proxy on LDAP_GROUP

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 16 Aug 2010 23:53:32 +1200

tony.fei_at_oocl.com wrote:
>
> Dear experts,
>
> I configed Squid with LDAP_Group authentication, each user in ProxyUsers group of AD can surf after inputting user name/password when he open browser.
> I'd like to know is there a way needn't user input id/passoword if he already in ProxyUsers group, to say make Squid total transparent to users. Thanks for sharing !

The popup is part of the web browsers security system. Squid has nothing
to do with that.

Modern browsers can be configured with a login cache for website and
proxy logins. Once the master password is given the others are handed
out as needed to the right places.

Use of secure auth protocols (Digest, NTLM, Kerberos) can also help the
browser send pre-encrypted tokens without needing a popup. Squid can
participate there by being configured to use them. Basic auth protocol
has the password in visible text form, so handing it out without user
consent is a bad idea and browser wont do it.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.6
   Beta testers wanted for 3.2.0.1
Received on Mon Aug 16 2010 - 11:53:42 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 17 2010 - 12:00:02 MDT