Re: [squid-users] Transparent proxying + LDAP authentication

From: Henrik Nordstrom <[email protected]>
Date: 26 Mar 2003 12:55:54 +0100

On Wed 2003-03-26 at 13.00, Kristian Du wrote:
> Hi Everyone,
>
> I have looked through the FAQs but could not find an answer to my
> doubts.
>
> I was wondering whether the following scenario can be implemented or
> not:
>
> - A user logs on a Win 2K box authenticated via an LDAP server
> - Opens up a browser that has NOT been configured to use a
> proxy server for web access (transparent proxying comes into
> play behind the scenes)
> - When the user accesses an external site (i.e. outside the
> local intranet) he does NOT have to enter a username and a
> password for authenticating with the proxy server

Sorry. To use proxy authentication the browser MUST be configured to use
a proxy.

What can be done is a separate authentication scheme where the user
authenticates his IP address. Such authentication is most easily done by
having the domain logon script register in a database who the current
user of the client's IP address is, and then have the proxy query this
database to find the username.

Another alternative is to use IDENT, but this requires an IDENT server to be
installed on each and every client station. Note: the IDENT server may
be started by the domain logon script, but in such a case knowledgeable
users may easily fake their identity to the proxy.

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Wed Mar 26 2003 - 04:56:04 MST
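
The IP-to-user lookup described in the reply above, sketched as a helper for Squid's `external_acl_type` interface called with `%SRC` (an added example, not part of the original message and not Squid project code). The SQLite schema, the function names, the username pattern and the 8-hour staleness limit are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""External ACL helper: map a client IP to the user registered at logon."""
import re
import sqlite3
import sys
import time

MAX_AGE = 8 * 3600  # assumption: a registration older than this is stale
USER_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")  # assumption: allowed usernames


def open_db(path=":memory:"):
    """Open the table the logon script writes to (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sessions "
               "(ip TEXT PRIMARY KEY, username TEXT NOT NULL, seen REAL NOT NULL)")
    return db


def register(db, ip, username, now=None):
    """What the domain logon script would do: record the current user of an IP."""
    if not USER_RE.fullmatch(username):
        raise ValueError("refusing username that could corrupt the helper reply")
    db.execute("INSERT OR REPLACE INTO sessions VALUES (?, ?, ?)",
               (ip, username, time.time() if now is None else now))
    db.commit()


def answer(db, line, now=None):
    """Turn one request line (the %SRC address) into a helper reply line."""
    fields = line.split()
    if not fields:
        return "ERR"
    now = time.time() if now is None else now
    row = db.execute("SELECT username, seen FROM sessions WHERE ip = ?",
                     (fields[0],)).fetchone()
    if row is None or now - row[1] > MAX_AGE:
        return "ERR"  # unknown or stale address: never guess a user
    return "OK user=" + row[0]


def serve(db, stdin=sys.stdin, stdout=sys.stdout):
    """Helper loop: one request per line in, one reply per line out."""
    for line in stdin:
        stdout.write(answer(db, line) + "\n")
        stdout.flush()


if __name__ == "__main__":
    serve(open_db(sys.argv[1] if len(sys.argv) > 1 else ":memory:"))
```

The mapping is only as trustworthy as the registration step and the network: a shared, NATed or reassigned address is attributed to whoever registered last, which is why stale entries are rejected rather than reused.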
