Hi,
At 20.21 29/03/2005, eupec@xxxxxxxxxxx wrote:
::I know the ISA Server behaviour.
::
::What you asking for, is trigger again an authentication :
::request to the browser when the user authentication is
::correct, but an external acl, or
|
|
Trigger browser auth in the "not correct" case aka "user authenticated in the domain but with no rights to surf the web.
ISA server makes exactly this: it triggers again the Browser authentication with a 407 Response when the access to proxy is denied, Squid send a 403 response.
::any other acl, deny the access to Squid. :: ::Some network administrators don't like this because allow ::the change of user credentials even using NTLM nsparent ::authentication schema.
::You can open a feature request on Bugzilla.
Basically, all I want is the triggering of IE's login-mask in case of the user isn't member of the "internet" group. I know it may represents a security hole (imagine someone with a keylogger running..."hey, can you please type your username/password in this login mask? I assure, I will not watch what you're typing...") but in my case this feature is mandatory for various reasons...I doubt I can do something to trigger the auth mask if I've an acl that checks the group membership only at logon time.
I think I'll open the request on squid's bugzilla.
OK.
For now, thanks for the great work done for SquidNT, Guido. It works fine :)
Thanks
Regards
Guido
- ======================================================== Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.serassio@xxxxxxxxxxxxxxxxx WWW: http://www.acmeconsulting.it/
