Re: [squid-users] Squid farm, share auth

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 28 Sep 2007 14:57:41 +0200

On tor, 2007-09-27 at 16:45 -0500, Luis Daniel Lucio Quiroz wrote:

> - Squids need to be auth, however, auth must be agains an openldap (I know
> this is possible). The fact is that auth MUST be crypted. I was thinking
> about Cipher auth that is done with MD5 but we really dont know what is the
> crypt hash of ldap.

digest auth is probably what you are looking for.

> - Authentication must be share, in the way that if I've already authed in
> squid1, then squid2 shouldnt ask me authentication.

Then they all need to use the same hostname, either via a mult-record
DNS entry or a load balancer.

> I'm not really shure if
> ICP or HTCP cand do this. Squis farm is balanced by an external apliance so
> we dont know what squidN is responding to replay.

Ok. So then it will just work. Just make sure the load balancer is
somewhat session aware if you are using digest as it will not perform
well if the user is randomly assigned a new server on each request.

Regards
Henrik

Received on Fri Sep 28 2007 - 06:57:48 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:03 MDT