On Fri, 11 Nov 2005, Hunt, Ralph wrote:
Hello, I hope you get a chance to answer this. I have been looking for an answer to this question for a little while, and would like to know if there is/or will be, any transparent login through LDAP.
Not likely for quite some time. This is mainly due to limitations in the capabilities of the browsers, not so much Squid. (Squid can always be extended with new funtionality, much harder to do the same on the clients...)
For automatic proxy authentication to work you must be logged in to your stations desktop using a login method supporting "single-sign-on", and your browser must implement using the same while talking to a proxy without promting the user for login information again.
In todays world the only two widely deployed login schemes fulfilling this is the Microsoft NTLM and Negotiate (used for kerberos) schemes. In addition many browsers support saving the proxy login credentials but this is not really the same thing.
But it would be great seeing browsers/desktops also support single-sign-on using the standard Digest scheme. Digest is at least as secure as NTLM in terms of protecting the users actual password, and more safe from hijacking.
Regards Henrik
