[squid-users] Multiple basic auths in one session

From: Chris Perreault <Chris.Perreault@dont-contact.us>
Date: Wed, 1 Sep 2004 11:25:00 -0400

I've looked through RFC 2617 trying to get a better understanding of the
basic authentication process, and wondered if anyone on the list had a
better way of explaining it to me. There are 407 (web server) and 401
(proxy server) response messages generated to challenge the authorization of
the requestor. We were/are trying to limit the number of times someone has
to log in, when using squid in accelerated mode. One of the webservers does
basic auth against the same ldap directory the squid server will be using.
Furthermore, there are links on this webserver to Lotus Notes. The Notes
user database has the usernames and passwords the same as the LDAP directory.
Without squid, users do a basic auth to the webserver and can go to Notes
without having to log back in. (They use an out-of-date reverse proxy which
has site.com/webserver and site.com/notes in the mappings.) We took
the route of using form-based authentication, with squid via ldap,
hoping to rewrite the headers, but it appears we can't rewrite the headers
we need to rewrite. One we'd like to rewrite is remote_user but it ends up
creating and populating a header called http_remote_user instead. This is
verified by changing the header name, in the script, to remote_user2 and
ending up with a http_remote_user2 header populated with the username.

We have the same username/password pairs, we are using a single domain with
all the servers thinking they are part of one big happy server. I had read
that once you create a header, its value can't be changed, but that doesn't
make sense because there are headers with nothing in them that do get
populated. What header would we want to populate and can we rewrite the
existing remote_user header variable?

Thoughts/comments?

Thanks..Chris
Received on Wed Sep 01 2004 - 09:27:35 MDT
