On 21.02 10:51, Steve Brown wrote: > > How is there "authentication" without credentials? I have misunderstood > > your setup. What are you referring to when you say "authentication" because > > the knee-jerk reaction is to assume a username and password is > > authenticating... > > Yes there is a user/pass. Everyone is saying that the broswer > shouldn't indiscriminately provide crednetials, which I agree with. > However, in the setup I am proposing, the browser isn't submitting > credentials. The traffic is intercepted by a local proxy, which does > *not* have authentication and only responds to localhost traffic. The > local proxy then queries the parent cache with the u/p provided by the > login parameter in the cache_peer config option. So the > authentication is there, it just doesn't require any user interaction. I think educating users (yes, there are 2 different passwords) would be most effective. Some other solutions are maybe possible too: 1. give users the same password for mail and proxy and probably fetch them from the same source like LDAP (Win2000 Domain). 2. give users SeaMonkey for both browsing and mail, set it up to remember passwords, fill it with proxy and mail password, give users only the master password. 3. set up FF (and probably M$IE too) to use proxy on localhost - this way you will avoid interception and its problems and still give users benefit of local proxy server. I recommend using encrypted connections to protect your passwords, so you might need SSL patch to squid: http://devel.squid-cache.org/ssl/, at least for 1. and 3. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Despite the cost of living, have you noticed how popular it remains?