[squid-users] authorization

From: Heinz Ahrens <xf01070@dont-contact.us>
Date: Wed, 27 Nov 2002 11:12:38 +0100 (MET)

Hallo squid-users,

i use squid with perhaps 20.000 users an all works fine. My only problem is
the fact, that the user-authentication is not encrypted.

Now i want to solve the problem and i found "Squid IP Auth". This is fine,
but i need another program, because i use NAT between client and proxy and
squidGuard with different userlists.

So i want to hack squid to solve the problem. First i must change the error
407 to 403 at the beginning of browsing. Then the user gets a website on the
same system (ERR_CACHE_ACCESS_DENIED) and the user must enter userid and
password (CGI to apache on the same system (HTTPS)). Because of HTTPS the
password is encrypted. That is all possible ...

The webserver can make the authentication (LDAP with a perl-script).
If all is okay the script generate a new password (cipher) and returns
something HTML with:
proxy-username: username
proxy-password: cipher
a website to surf to
(redirect or something else)

If this is possible the user get squid-access with his username und a
tempory password. Squid can decrpyt the cipher and then ask LDAP for
authentication. And the user can surf.

My question:

Is this possible ??? Is it possible to write a HTML-website in this case,
that the username and password for proxy-authentication is included. Is it
possible to include the authorization-header in a HTTP-request ???

Or is there perhaps another way to solve the problem. Perhaps a
HTML-website, a button (GET- or POST-parameter) or something else.

Greetings from Germany

  Heinz Ahrens

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!
Received on Wed Nov 27 2002 - 03:12:41 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:35 MST