Re: [squid-users] Is Squid an option for me? <newbie>

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 20 Sep 2001 00:02:14 +0200

If both levels are using WWW Authentication when you will have a problem
there.. in HTTP authentication is per request, and there is only space
for one set of WWW Authentication credentials per request.

You can do something similar if the first level is used as a proxy, but
not if it acts as a origin server/surrogate/reverse proxy/whatever.

For this kind of applications you need to have the user databases
synchronised. Please note that a Squid can use the second level HTTP
server as it's user database with some small amount of coding.

--
Henrik Nordstrom
Squid Hacker
Yanek Korff wrote:
> 
> General newbie question here.  I'm trying to deploy a 2-tier authentication
> scheme to provide authentication over SSL before allowing access to other
> servers.  Like this:
> 
> User connects to proxy from outside, via SSL, say to
> https://foobar.mydomain.com/in1.  Password auth cleartext (or not, whatever)
> over SSL.
> Proxy confirms authentication OK, continues to pass ALL SUBSEQUENT DATA to
> another server based on URL (in this case, in1.mydomain.com).  In most
> cases, in1 will again immediately ask for basic auth, different auth
> database this time, though.
> 
> Is this possible with Squid?  I have managed to get this set up with apache
> to a point... except when the internal server prompts for basic auth, and I
> send back auth information, the proxy machine thinks IT is the recipient and
> rejects it, or loops if I'm using digest on the proxy and trying to send
> basic to the internal server.
> 
> -Yanek.
Received on Wed Sep 19 2001 - 16:06:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:18 MST