On 5/23/05, Mark Romer <mromer@xxxxxxxx> wrote:
> I'm curious how often those who deploy squid configure it to require
> user authentication. And what are the main reasons for requiring
> authentication?

AAA: Authentication, Authorization and Accounting.

Are you who you claim to be?
Do you have permission to use the proxy?
Can we track back specific requests to an individual user?

On a small "home" network without any official security policies, I can get away with being hyper-paranoid about personal privacy, restricting access to specific ether addresses (MAC) and turning off logging.

On a slightly larger network with static IP addresses and trustworthy internal users, I keep logs for a few days (or weeks) and rely on the source IP for access control and logging. This is enough to be able to respond to RIAA/MPAA complaints and debug technical problems.

In very large networks with dynamic IP addresses and many diverse LANs/WANs using DHCP servers not under centralized management, the IP address is not a reliable identifier, and user authentication may be necessary, or even a mandatory (regulatory, internal policy, etc.) requirement.

The only place I've ever actually used Squid with authentication was where the business had a need to have different policies apply to different users within the same DHCP scope; for example "students" might have more restrictive ACLs than "teachers" while a reception desk might only have access to Mapquest, OpenTable, and AnyWho.

Kevin
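
The accounting point in the reply above (tracing requests back to a user when the source IP is not a reliable identifier), shown as an added example that is not part of the original post. It assumes Squid's default native access.log layout, where the eighth field is the authenticated user name or "-"; the log lines, addresses and user names are constructed.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1116850000.101    120 10.1.4.23 TCP_MISS/200 5120 GET http://example.org/a alice DIRECT/192.0.2.10 text/html
1116850900.512     80 10.1.4.23 TCP_MISS/200 2048 GET http://example.org/b alice DIRECT/192.0.2.10 text/html
1116861000.007    310 10.1.4.23 TCP_MISS/200 9000 GET http://example.net/c bob DIRECT/192.0.2.20 text/html
1116861500.200     45 10.1.4.77 TCP_DENIED/407 1500 GET http://example.net/d - NONE/- text/html
1116861501.300     95 10.1.4.77 TCP_MISS/200 700 GET http://example.net/d carol DIRECT/192.0.2.20 text/html
"""

def parse_line(line):
    """Split one native-format line into the fields used for accounting."""
    f = line.split()
    if len(f) < 10:
        return None  # truncated or custom-format line; skip rather than guess
    return {"time": float(f[0]), "client": f[2], "result": f[3],
            "bytes": int(f[4]), "url": f[6],
            "user": None if f[7] == "-" else f[7]}

def account(log_text):
    """Return (bytes per user, users seen per client IP, unattributed requests)."""
    bytes_by_user = defaultdict(int)
    users_by_ip = defaultdict(set)
    unattributed = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["user"] is None:
            unattributed += 1  # e.g. the 407 challenge before credentials are sent
            continue
        bytes_by_user[rec["user"]] += rec["bytes"]
        users_by_ip[rec["client"]].add(rec["user"])
    return dict(bytes_by_user), dict(users_by_ip), unattributed

def shared_addresses(users_by_ip):
    """Client IPs used by more than one authenticated user (e.g. a reused DHCP lease)."""
    return {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) > 1}

if __name__ == "__main__":
    per_user, per_ip, anon = account(SAMPLE_LOG)
    print(per_user, shared_addresses(per_ip), anon)
```

In the sample, 10.1.4.23 carries traffic from two different users a few hours apart, which IP-only logging would attribute to a single host.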