On Thu, 7 Oct 2004 15:34:48 +1000 James Gray <[EMAIL PROTECTED]> wrote:
> For the OP, "transparent authentication" and "transparent proxy" are two > very different and conflicting terms; they are mutually exclusive. Not exactly. In the context of just using Squid I could understand that, but when it comes to authentication there are a few other technologies that can be used. The first one that pops to mind is NoCatAuth. It's primarily used for large wireless community networks, but it's fairly extensible if you were looking for an alternative. You run it on a gateway computer and it'll capture all requests for whichever protocols you specify until a correct username and password is supplied through a web interface. The thing about doing it this way is that users would know _why_ they were being presented with a login dialog, rather that assuming a man-in-the-middle attack. The main problem with it is that it doesn't natively support samba authentication out of the box. Its username and password list is stored in a mysql database, so you'd need to find some way of linking that up with NTLM authentication/active directory. Off the top of my head, I can't think of any project that does that, however it doesn't mean that it doesn't exist, or could be easily hacked up. :-) If you sucessfully set up NoCatAuth you'd be able to set up transparent proxying easily enough, hence having both transparent authentication and a transparent proxy. BTW, i'm no proxy admin, I just know stuff about software used on community wireless networks. :-) Lindsay -- http://www.asymmetrics.net/~auxesis/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
