RE: [SQU] Credentials forwarding?

From: Chemolli Francesco (USI) <ChemolliF@dont-contact.us>
Date: Mon, 18 Dec 2000 09:34:23 +0100

> Nope. But I did now an I do like the option but not the
> implementation.
>
> The implementation should kill flags.used_proxy_auth and instead look
> for the peer option.
>
> WWW authentication can always be forwarded I think.

I fear not. Think what happens with NTLM: in this case the only
kind of forwarding you can do is pass-through.
This works, of course, but still doesn't work for my needs. An
X-Squid-Authenticated-User: username
and
X-Squid-Originating-Client: ip_address

(pick any other name you wish for the header)
without any checking done by the upstream proxy.
This would be used only for logging purposes.

Rationale: in big caches, architecture the cache
in two levels. First-tier caches perform authentication
and authorization. All of them have a single parent cache
which does the on-disk caching and logging, without cached
data duplication and maximum efficiency.

-- 
	/kinkie 
Received on Mon Dec 18 2000 - 01:35:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:05 MST