Hi,
On 7 Feb 2002, Robert Collins wrote:
> Yes :}. As an interesting intellectual diversion, the following allows
> transparent, authenticated web sessions - to a certain extent.
>
> 1) A HTTP/1.1 conformant squid (or at least supporting chunked encoding,
> and pretending for the rest). I've had this running, but it's not
> stable. (this isn't strictly required, but removes a _lot_ of overhead
> and some instances where this won't work without..., so is very much
> recommended.)
> 2) New connections return an immediate redirect, to a virtual web server
> 'authserver.proxycanonical.com/', after storing the original URL in the
> connection state.
> 3) authserver.proxycanonical.com then returns a 401!
> 4) The client authenticates to the authserver.proxycanonical.com (which
> is still the proxy server).
> 5) The proxy then issues another redirect, back to the stored original
> URL.
> 6) The connection is authenticated, much like NTLM.
>
The definition of "new connections" could be somewhat problematical
couldn't it? You don't want to have to authenticate for *every*
connection. Apart from that, no authentication information would be passed
with subsequent connections. Also has problems with a multi-user machine
where it would be difficult to distinguish between users.
Colin
-- Colin Campbell Unix Support/Postmaster/Hostmaster CITEC +61 7 3006 4710Received on Wed Feb 06 2002 - 21:27:09 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:11 MST