On 21.02 10:51, Steve Brown wrote:
> > How is there "authentication" without credentials? I have misunderstood
> > your setup. What are you referring to when you say "authentication" because
> > the knee-jerk reaction is to assume a username and password is
> > authenticating...
>
> Yes there is a user/pass. Everyone is saying that the broswer
> shouldn't indiscriminately provide crednetials, which I agree with.
> However, in the setup I am proposing, the browser isn't submitting
> credentials. The traffic is intercepted by a local proxy, which does
> *not* have authentication and only responds to localhost traffic. The
> local proxy then queries the parent cache with the u/p provided by the
> login parameter in the cache_peer config option. So the
> authentication is there, it just doesn't require any user interaction.
I think educating users (yes, there are 2 different passwords) would be most
effective.
Some other solutions are maybe possible too:
1. give users the same password for mail and proxy and probably fetch them
from the same source like LDAP (Win2000 Domain).
2. give users SeaMonkey for both browsing and mail, set it up to remember
passwords, fill it with proxy and mail password, give users only the master
password.
3. set up FF (and probably M$IE too) to use proxy on localhost - this way
you will avoid interception and its problems and still give users benefit of
local proxy server.
I recommend using encrypted connections to protect your passwords, so you
might need SSL patch to squid: http://devel.squid-cache.org/ssl/, at least
for 1. and 3.
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains?Received on Thu Feb 23 2006 - 03:10:54 MST
This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST