Re: [squid-users] Squid Authentication : Again

From: Christoph Haas <email@dont-contact.us>
Date: Thu, 1 Jan 2004 17:03:40 +0100

On Wed, Dec 31, 2003 at 05:08:17PM -0700, OTR Comm wrote:
> I am trying to figure something out. When Squid is configured to
> authenticate, how does it keep up with the different session for
> individual users who have logged on?

The browser is sending the credentials with every request. Squid is
checking these data against your favorite authentication mechanism.
(Plus it keeps a cache to avoid doing this at every single HTTP
request.)

> The reason I ask is, and I have asked this before, is there any way to
> have Squid keep up with individual sessions without authentication?

Then how are your users authenticated when you do not send credentials?

> N2H2, the company that wrote the Bess Filtering system, uses Squid
> without authentication and a filtering helper like squidGuard that
> supports overrides of blocked sites. User who have authority to
> override sites, login and then somehow Squid can distinguish those
> users. How can Squid do this?

You could ACLs and icap in squid. This way your content filter is called
while squid still handles the access control. We use LDAP to store group
information at work.

Or you set "forwarded_for on" and your parent proxy knows the IP address
of the workstation that did the request.

 Christoph

-- 
~
~
".signature" [Modified] 3 lines --100%--                3,41         All
Received on Thu Jan 01 2004 - 09:03:42 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:02 MST