Greetings.
I am interested in developing features for squid that are currently
needed in our installations, related with LDAP and authentication
integration and content filtering (ICAP). I have being able to add the
feature of forwarding the current authenticated to the next proxy in the
chain, primarily because Squid is doing the Kerberos authentication and
the next proxy needs that info to execute another actions (I will follow
this introduction with other email with the explanation of the needs and
the implementation)
Another area I want to make a few contributions are:
- Capability to advertise different auth methods based on the request,
for example, restrict to NTLM and Negotiate only to browser and never
tell them that basic auth is allowed (IE still tries with basic even
when NTLM auth is ok but acl restricted the request), I want to avoid
people using basic for the browser. but still allow the usage of basic
auth for certain acl verified requests (user agent, ip, etc)
- Make tcp_outgoing_address be able to use an interface name and not
only a fixed ip address, this solve a problem we have with some setups
where we allow to acces to the internet with a dedicated ISP for a group
of users, and that ISP is using a dynamic ip (we currently solve this
with a scripting hack regenerating the configuration file)
- ICAP enhancements (post cache)
--
Robert Marcano
