Re: Re: [squid-users] How to obtain auth mask by ie if the domain user haven't correct rights?

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Tue, 29 Mar 2005 20:38:12 +0100

Hi,

At 20.21 29/03/2005, eupec@supereva.it wrote:

>::I know the ISA Server behaviour.
>::
>::What you asking for, is trigger again an authentication :
>::request to the browser when the user authentication is
>::correct, but an external acl, or
>|
>|
>Trigger browser auth in the "not correct" case aka "user authenticated in
>the domain but with no rights to surf the web.

ISA server makes exactly this: it triggers again the Browser authentication
with a 407 Response when the access to proxy is denied, Squid send a 403
response.

>::any other acl, deny the access to Squid.
>::
>::Some network administrators don't like this because allow
>::the change of user credentials even using NTLM nsparent
>::authentication schema.
>
>::You can open a feature request on Bugzilla.
>
>Basically, all I want is the triggering of IE's login-mask in case of the
>user isn't member of the "internet" group. I know it may represents a
>security hole (imagine someone with a keylogger running..."hey, can you
>please type your username/password in this login mask? I assure, I will
>not watch what you're typing...") but in my case this feature is mandatory
>for various reasons...I doubt I can do something to trigger the auth mask
>if I've an acl that checks the group membership only at logon time.
>
>I think I'll open the request on squid's bugzilla.

OK.

>For now, thanks for the great work done for SquidNT, Guido.
>It works fine :)

Thanks

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Tue Mar 29 2005 - 12:38:50 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:03 MST