Re: [squid-users] Solutions for transparent + proxy_auth?

From: Matus UHLAR - fantomas <uhlar@dont-contact.us>
Date: Fri, 24 Feb 2006 10:21:25 +0100

> > I think educating users (yes, there are 2 different passwords) would be
> > most effective.

On 23.02 10:01, Steve Brown wrote:
> Believe me, I wish I could. But these are sales people, and as I
> said, some of them aren't very bright.

I do. but i think you understand that educating isthe best ever.

> > 1. give users the same password for mail and proxy and probably fetch
> > them from the same source like LDAP (Win2000 Domain).
>
> Thought about that, but I won't want to have to maintain it. Its a hassle.

If you can't easily use the same passwd source for squid than for mail, then
of course skip it.

> > 2. give users SeaMonkey for both browsing and mail, set it up to
> > remember passwords, fill it with proxy and mail password, give users
> > only the master password.
>
> Multiple users may use the same computer. We don't want them reading each
> others email, number one, and number two, they would wind up giving out
> someone else's email address as their own. Like I said, not very bright.

That requires multiple user profiles on those computers. You only have to
set up more accounts on those computers, which you probably need to do
even...

> > 3. set up FF (and probably M$IE too) to use proxy on localhost - this
> > way you will avoid interception and its problems and still give users
> > benefit of local proxy server.
>
> I posted earlier about my this won't work. Firefox is too easy to get
> around on OSX.

However, I would think this way: if they can get around proxy setting, they
CAN remember more than one password (and present that solution to boss)

> > I recommend using encrypted connections to protect your passwords, so
> > you might need SSL patch to squid: http://devel.squid-cache.org/ssl/, at
> > least for 1. and 3.
>
> Thanks, this was going to be my next question. ;-)

good :) at least I'm not sure if this is the right ssl patch to squid...

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
   One OS to rule them all, One OS to find them, 
One OS to bring them all and into darkness bind them 
Received on Fri Feb 24 2006 - 02:21:30 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:04 MST