>> Or maybe (it will simplify all) - is it some method to get %LOGIN from
>> headers sent by browser (as it was said before - I use
>> squid_kerb_auth). In such case I don't need to pass anything special
>> with deny_info.
>
> Yes that is the better way to do all this. You wont be passing username
> un-encrypted.
>
> Just generate the error page using a background auth check in the page
> script to lookup the username from the Proxy-Authentication header received.
> You could even use squid_kerb_auth to do the sub-check, all it does for
> Squid is take a copy of the header line and pass back the username on
> success and error message fail.
Hmm...
So for example user is redirected via deny_info to
http://mydenyserver.com/index.php
And my page in php will exec squid_kerb_auth to receive username? You
mean something like this?
>
> This may help:
> http://wiki.squid-cache.org/Features/AddonHelpers#Negotiate_and_NTLM_Scheme
>
> "KK $header_content" is what squid_kerb_auth accepts,
> "AF $username" is the success reply,
> "BH $message" is the failure reply.
>
> Amos
Received on Fri Apr 29 2011 - 07:28:39 MDT
This archive was generated by hypermail 2.2.0 : Fri Apr 29 2011 - 12:00:05 MDT