RE: [squid-users] Authenticating Across Windows Domains

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 31 Oct 2010 21:44:35 +0000

On Wed, 27 Oct 2010 07:33:56 -0500, "Clive Christie"
<clive.christie_at_magnarewards.com> wrote:
> I am running Squid 2.7 Stable 6 as stated previously I authenticate on
the
> Intranet Site using an AD account on the Remote site that I am connected
to
> by VPN. Regarding privacy and anonymity, I am not sure the only changes
I
> made to the squid config was changing the port, setting it to
transparent
> and setting up access for my network.

Ah.
 "transparent" proxying (NAT or TPROXY) and authentication do not work
together. They also go by the name main-in-middle security attack. Browser
security systems prevent user credentials being sent to these types of
attackers.
 You can use WPAD to do proxy automatic configuration(PAC) (aka
"transparent" configuration) to setup the browsers in the background so
they are aware of the proxy and will send credentials.

Amos
Received on Sun Oct 31 2010 - 21:44:39 MDT

This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 12:00:06 MDT