On Mon, 2003-03-17 at 17:31, Anthony Wood wrote: > On Mon, Mar 17, 2003 at 05:23:08PM +1100, Kevin Saenz wrote: > > > > > I'm trialling using smb_auth for access to our squid proxy. > > > > > > > I guess that is good for a small network what happens when the > > network grows to a larger size and fixing acls for each user > > in squid becomes a pain in the proverbial. But I can see an > > up side given that Authentication through smb would be completely > > transparent unlike ldap authentication with squid. > > > > > I'm using transparent proxying with squid, however I've found that this > > > won't allow access to permitted users, and I have to point the browser at > > > the proxy manually. > > > > > Didn't someone previously post how much of a bad idea transparent > > proxying is in the real world? (By redirecting port 80 to squid's ports) > > Transparent Proxying OK > Proxy Authentication OK (403? Proxy Authorisation Required) > > Transparent Proxy Authentication I read was bad, depends whether the > smb_auth thing sends Proxy Auth REquired to the browser, or if it > sends denied, based on other hacky things in the background. > > Maybe it's OK with certain browsers.
Nope. Never. Full Stop. Finito. Interception and Authentication DO NOT MIX *without* a virtual authentication server (which squid does not currently support). Rob -- GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
signature.asc
Description: This is a digitally signed message part
