I've looked through RFC 2617 trying to get a better understanding of the basic authentication process, and wondered if anyone on the list had a better way of explaining it to me. There are 407 (web server) and 401 (proxy server) response messages generated to challenge the authorization of the requestor. We were/are trying to limit the number of times someone has to log in when using squid in accelerated mode. One of the web servers does basic auth against the same LDAP directory the squid server will be using. Furthermore, there are links on this web server to Lotus Notes. The Notes user database has the same usernames and passwords as the LDAP directory. Without squid, users do a basic auth to the web server and can go to Notes without having to log back in (they use an out-of-date reverse proxy which has site.com/webserver and site.com/notes in its mappings). We took the route of using a form-based authentication, with squid via LDAP, hoping to rewrite the headers, but it appears we can't rewrite the headers we need to rewrite. One we'd like to rewrite is remote_user, but it ends up creating and populating a header called http_remote_user instead. This is verified by changing the header name, in the script, to remote_user2 and ending up with an http_remote_user2 header populated with the username.
We have the same username/password pairs, and we are using a single domain with all the servers thinking they are part of one big happy server. I had read that once you create a header, its value can't be changed, but that doesn't make sense because there are headers with nothing in them that do get populated. What header would we want to populate, and can we rewrite the existing remote_user header variable? Thoughts/comments? Thanks.
Chris
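As an added illustration (this is not code from Chris's message, from squid, or from any web server), the following Python script simulates the rule a CGI-style web server applies when it exposes request headers to a script: every header that arrives on the wire is upper-cased, has '-' turned into '_', and is prefixed with HTTP_, which is why a header named remote_user shows up as HTTP_REMOTE_USER and remote_user2 as HTTP_REMOTE_USER2. REMOTE_USER itself is a different kind of variable: the server sets it only after it has validated an Authorization header itself. The directory contents, the user name "chris", the password and the credential-check function are constructed assumptions for the demonstration.

```python
"""Simulation of how a web server maps HTTP request headers into a CGI
script's environment, and why REMOTE_USER differs from HTTP_REMOTE_USER.
Added example; not taken from the mailing-list post or from squid."""
import base64
import binascii

# Constructed stand-in for the LDAP directory: username -> password (assumption).
DIRECTORY = {"chris": "s3cret"}


def check_directory(user, password):
    """Hypothetical credential check standing in for an LDAP bind."""
    return DIRECTORY.get(user) == password


def header_to_cgi_name(name):
    """CGI meta-variable name for a request header (RFC 3875 style):
    upper-case, '-' becomes '_', and ALWAYS prefixed with HTTP_."""
    return "HTTP_" + name.upper().replace("-", "_")


def basic_authorization_header(user, password):
    """Build the value a client sends for HTTP Basic auth (RFC 2617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic_authorization(value):
    """Return (user, password) from 'Basic <base64(user:password)>',
    or None if the scheme is not Basic or the token is malformed."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "basic" or not blob:
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def build_cgi_environ(request_headers, credential_check=check_directory):
    """Simulate the server: copy every request header to HTTP_<NAME>, then set
    REMOTE_USER only if the server itself validated a Basic Authorization header.
    request_headers is a list of (name, value) pairs as received on the wire."""
    environ = {}
    for name, value in request_headers:
        environ[header_to_cgi_name(name)] = value

    creds = parse_basic_authorization(environ.get("HTTP_AUTHORIZATION", ""))
    if creds is not None and credential_check(*creds):
        environ["REMOTE_USER"] = creds[0]   # server-asserted identity
        environ["AUTH_TYPE"] = "Basic"

    # Many servers withhold the raw Authorization header from scripts; do the same.
    environ.pop("HTTP_AUTHORIZATION", None)
    return environ


def trusted_user(environ):
    """Only REMOTE_USER is asserted by the server; HTTP_REMOTE_USER is whatever
    the client (or a proxy in front of the client) chose to put on the wire."""
    return environ.get("REMOTE_USER")


if __name__ == "__main__":
    # Constructed requests. The first mimics injecting a remote_user header:
    # it lands as HTTP_REMOTE_USER and REMOTE_USER stays unset.
    spoofed = build_cgi_environ([("Host", "site.com"), ("Remote_User", "chris")])
    print(sorted(spoofed.items()))

    # The second carries real Basic credentials; the server sets REMOTE_USER.
    real = build_cgi_environ(
        [("Host", "site.com"),
         ("Authorization", basic_authorization_header("chris", "s3cret"))])
    print(sorted(real.items()), "trusted user:", trusted_user(real))
```

The practical point for the setup in the post: a script on the origin server cannot be handed a populated REMOTE_USER by adding a request header of that name, because anything arriving as a header is namespaced under HTTP_. A script that instead reads HTTP_REMOTE_USER is trusting a client-controllable value, so if the origin is changed to accept it, the proxy must be the only path to the origin and must strip any such header supplied by the browser before adding its own.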
