On Sun, 1 May 2005, S.M.H. Hamidi wrote:
This solution only works when there is a one-to-one mapping between users and ip addresses but imagine circumstances where all users have same ip addresses( e.g. terminal server users).
The definite solution to this problem is "cookie-based authentication" which is implemented by some commercial products like bluecoat ProxySG (http://www.bluecoat.com/downloads/support/BCS_tb_enabling_transparent_auth.pdf)
and Novell BoarderManager (http://support.novell.com/techcenter/articles/cfa03332.html)
This is doable as well, using the exact same mechanism.
But you probably want to extend Squid slightly to filter out that cookie on the forwarded requests to not leak session information to the web servers.
Regards Henrik
