Thanks alot for the feedback about this Henrik...
My other alternative theory would be to create some sort of third party login to allow users to auth and therefore setting the user to [EMAIL PROTECTED] before passing to the squid server.. The only problem with this would be that I have no idea how to get such a page to force proxy headers to a remote client to be used on the squid server.. If anybody either understands what I am talking about or has any suggestions on this matter I would love to hear from you.
Thanks again
Scott
On 15/01/2005, at 11:05 AM, Henrik Nordstrom wrote:
On Wed, 12 Jan 2005, Scott wrote:
Currently a user must log in using a [EMAIL PROTECTED] to authenticate. This works fine but as time goes by I end up with a large amount of users wishing that they could drop the domain authentication from the auth request.
I would like to do this but I have hit a brick wall in regards to how to handle multiple matching usernames (and passwords unfortunetly) without a domain.
Indeed a problem, and no easy short term solution available today other than to use one Squid instance per user population, each with their own auth_param settings, and possibly forwarding all requests to a common Squid for caching.
The long term solution is to implement something called "Authentication Realms", allowing multiple different auth_param settings in the same Squid allowing different settings to be used for different clients.
A) allowing %SRC to be passed with <username> <password> to the auth helper
There was a patch for this for Squid-2.4, but not really doing what you ask. <url:http://devel.squid-cache.org/old_projects.html#authinfo>.
What this patch does not is that it doesn't differentiate between user a from IP 1 or user a from IP 2. If only allows the helper to verify the IP of the initial login.
I might be looking at this wrong but all the things that I have looked at so far have said that squid will not pass any args to the auth helper at all.
Squid uniquely identifies users by their login, not including the IP. This is required for the max_user_ip acl and a few other constructs. We do not intend to change this.
Regards Henrik
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email.
