On Fri, 14 Nov 2003, Rajendra Kulkarni wrote: > I want to authenticate users from my own authenticator-program, when Squid is > deployed as Transparent proxy, in Acceleration mode. > > I am aware of the 401 / 407 and their limitations and also aware that this is > browser's limitation, and not Squid's!! > > What I could think of, as a solution, is: > > 1) browser will send conventional (transperent) request to accelerator (i.e. to > squid) > 2) instead of the requested URL, squid will show it's own web page with a user-name > / password html form > 3) the HTML form gets submitted to squid, and it calls an External authenticator > with these user-name / password > 4) if external authenticator returns TRUE, squid allows that Source IP till the > configured TTL. > > Is such an implementation possible using Squid?
Yes. You will need to implement a redirector or external acl helper to Squid having the "session" logics, and redirecting not authenticated stations to your login page. Your login page and your helper needs to share a common session database/registry of some kind allowing both to share a common view of what sessions are currently active. No modifications to Squid is required for this. Regards Henrik
