RE: [squid-users] Logging username at parent cache using ntlm_aut h

From: Robert Collins <[email protected]>
Date: Tue, 07 Oct 2003 07:45:53 +1000

On Tue, 2003-10-07 at 20:19, Wilshire, Andrew wrote:

> I've tried re-ordering my http_access statements on the parent (see snip of
> squid.conf below) to allow the child cache before the proxy_auth acl,
> however then the usernames don't show up in the log :(. I've tried running
> fakeauth_auth from the command line, but either I don't know the syntax or
> it's broken becuase I never seem to be able to get it to return an error
> code. I'm kinda hoping it just goes "OK" with any syntax, as that's exactly
> what I'm looking for (hence if this is the case my IE session should stop
> prompting for password!)

You can't daisy chain NTLM authentication - it's incompatible with the
session based nature of NTLM.

What you can do is use the *:secret approach in your peer definition, to
have the child proxy log into the parent with the username and a known
secret. Then you'll have the username in the parent. The downside?
you'll probably need to disable all non child access to the parent.

Cheers,
Rob

-- 
GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.

Received on Mon Oct 06 2003 - 15:46:03 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:25 MST