[SQU] Java Applet-Auth - New Feature?

From: Michael Smirnov <[email protected]>
Date: Thu, 28 Dec 2000 23:06:53 +0300

NB Squid developers!
Is there a way to use with Squid an Java applet-based
authentification, like in WinGate?
Or to combine it somehow with NCSA_auth?
I think we should do something to lower a number of entering passwords
- that's where an Java applet can help.
Let the user know when he logs on and off.

It was very easy to decompile this applet.
That's how this applet work in WinGate:
- If client's IP address is not in the WinGate's auth-table,
   the Java applet appears.
- A user enters his login and password, then presses "Logon" button.
   Login and password are MD5-encoded and sent to the server.
- Client's IP address is added to the WinGate's auth-table.
- When the user presses "Logoff", Client's IP address is deleted from
auth-table.

Note, this mechanism has bad sides - for Example, on Win2000 with Terminal
Services
all users have access after first user authentificates in Java applet,
because all the users have one IP address.
I checked how Squid + NCSA_auth work on Termial Services -
they don't have such bug, because the auth-table is not IP-address-based!

However, when I open new Internet Explorer(IE) windows, it asks login and
password again.
IE doesn't ask anything, when I open a new child-window from an
authentificated
IE's window (by clicking Shift+Mouse on a link in this window).
It asks password only when I open a new IE window.

It is not so good for users, how it can be with such applet,
because they don't like to enter their passwords too often.
I think that storing the password in IE is a bad idea for my case:
all the user have only one Win2000's login name and are not
security-experienced.
They can easily store the password, not knowing completely what they are
doing.
Note that this Java applet doesn't allow to store the password at all,
so, is gives a good solution for this "non-exeperienced" users category!

Does anyone want to look at Java sources of this applet to decide, if it
can work with Squid?

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Thu Dec 28 2000 - 13:10:48 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:08 MST