Re: [squid-users] Squid farm, share auth

From: Chris Robertson <crobertson@dont-contact.us>
Date: Thu, 27 Sep 2007 15:50:02 -0800

Luis Daniel Lucio Quiroz wrote:
> Hi All,
>
> We are planning to install a farm of -nsquids to provide our company enhanced
> web suffering experience and to control security on who is where. However,
> we have some requirements I'm not really sure that squid is captable of them,
> here they are:
> - Squids need to be auth, however, auth must be agains an openldap (I know
> this is possible). The fact is that auth MUST be crypted. I was thinking
> about Cipher auth that is done with MD5 but we really dont know what is the
> crypt hash of ldap.
>

See
http://www.squid-cache.org/mail-archive/squid-users/200212/0005.html,
http://www.squid-cache.org/mail-archive/squid-users/200407/0697.html and
finally
http://wiki.squid-cache.org/KnowledgeBase/Using_the_digest_LDAP_authetication_helper

In the last link, where it talks about Installing and testing the
helper, Squid 2.6 is equivalent to Squid 2 HEAD, as the digest_ldap_auth
helper is included with Squid 2.6

> - Authentication must be share, in the way that if I've already authed in
> squid1, then squid2 shouldnt ask me authentication. I'm not really shure if
> ICP or HTCP cand do this. Squis farm is balanced by an external apliance so
> we dont know what squidN is responding to replay.
>

As long as all the proxies use the same data source to authenticate
against, no extra work will be required. HTTP is a stateless protocol,
so the browser passes authentication details along with every request
that should require it.

> I home someone could give me any clue.
>
> Regards,
>
> LD
>

Chris
Received on Thu Sep 27 2007 - 17:50:28 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:03 MDT