Re: [squid-users] Problems with Squid and non-anonymous FTP

From: Michael W. Lucas <mwlucas@dont-contact.us>
Date: Tue, 22 Aug 2006 11:05:46 -0400

On Tue, Aug 22, 2006 at 03:21:02PM +0200, Henrik Nordstrom wrote:
> On Tue, 2006-08-22 at 08:52 -0400, Michael W. Lucas wrote:
>
> > > ftp://user:password@host/
> >
> > That does work, but it's discouraged in the FAQ. I'd also rather not
> > teach my users to type passwords in visible cleartext, I have enough
> > trouble getting them to not use their passwords as desktop wallpaper. :-)
>
> Then persuade the browser vendors to support HTTP authentication on
> ftp://user@host/ links when using proxies. Squid does the best it can
> and asks for authentication credentials, not sure what else we can do.

Fair enough. Squid certainly does its best with what it's given, no
offense meant. I would have sworn that I'd seen this working before,
but I guess I was wrong.

> > a) anyone know how to make IE 6 SP 2 and/or Firefox 1.5 prompt for a
> > password at a non-anonymous FTP site?
>
> As a workaround/test you can use a redirector at the proxy, rewriting
> some http:// address into the desired ftp address (with some user@ in
> the host part, what does not matter, just to tell Squid that it's
> non-anonymous). And all of a sudden the client understands how to do
> authentication because now the URL starts with http:// instead of
> ftp://. That's really the only difference in all other aspects, as in
> both cases the client uses HTTP to the proxy..

That's a clever idea, but will only confuse our users.

Thank you for the insight, much appreciated.

==ml

-- 
Michael W. Lucas	mwlucas@FreeBSD.org, mwlucas@BlackHelicopters.org
		http://www.BlackHelicopters.org/~mwlucas/
	    Latest book: PGP & GPG -- http://www.pgpandgpg.com
"The cloak of anonymity protects me from the nuisance of caring." -Non Sequitur
Received on Tue Aug 22 2006 - 09:06:06 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT