[squid-users] Project for someone (Was Re: [squid-users] transproxy + auth on parent proxy)

From: Robert Collins <[email protected]>
Date: 07 Feb 2002 13:55:22 +1100

On Thu, 2002-02-07 at 10:13, Colin Campbell wrote:
> As has been stated many, many times on this list:
>
> transparency, authentication, pick one

Yes :}. As an interesting intellectual diversion, the following allows
transparent, authenticated web sessions - to a certain extent.

1) A HTTP/1.1 conformant squid (or at least supporting chunked encoding,
and pretending for the rest). I've had this running, but it's not
stable. (this isn't strictly required, but removes a _lot_ of overhead
and some instances where this won't work without..., so is very much
recommended.)
2) New connections return an immediate redirect, to a virtual web server
'authserver.proxycanonical.com/', after storing the original URL in the
connection state.
3) authserver.proxycanonical.com then returns a 401!
4) The client authenticates to the authserver.proxycanonical.com (which
is still the proxy server).
5) The proxy then issues another redirect, back to the stored original
URL.
6) The connection is authenticated, much like NTLM.

I'm happy to provide advice on accomplishing this should someone wish to
code it, but I don't have time now (or for .... quite some time) to do
this myself.

Rob
Received on Wed Feb 06 2002 - 21:09:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:11 MST