Thanks Chris, You solve my auth crypt problem, how ever, still have a doubt about a single-authentication in a squid farm. You tell: "As long as all the proxies use the same data source to authenticate against, no extra work will be required. HTTP is a stateless protocol, so the browser passes authentication details along with every request that should require it." So this mean that the horrible login box asking user/password will apear just once??? I told about using squid with domain passwords so single-sign-on domain capability will be great, but they dont want to use domain passwords, so this is not an option. Regards, LD Le Thursday 27 September 2007 18:50:02 Chris Robertson, vous avez écrit : > Luis Daniel Lucio Quiroz wrote: > > Hi All, > > > > We are planning to install a farm of -nsquids to provide our company > > enhanced web suffering experience and to control security on who is > > where. However, we have some requirements I'm not really sure that squid > > is captable of them, here they are: > > - Squids need to be auth, however, auth must be agains an openldap (I > > know this is possible). The fact is that auth MUST be crypted. I was > > thinking about Cipher auth that is done with MD5 but we really dont know > > what is the crypt hash of ldap. > > See > http://www.squid-cache.org/mail-archive/squid-users/200212/0005.html, > http://www.squid-cache.org/mail-archive/squid-users/200407/0697.html and > finally > http://wiki.squid-cache.org/KnowledgeBase/Using_the_digest_LDAP_autheticati >on_helper > > In the last link, where it talks about Installing and testing the > helper, Squid 2.6 is equivalent to Squid 2 HEAD, as the digest_ldap_auth > helper is included with Squid 2.6 > > > - Authentication must be share, in the way that if I've already authed in > > squid1, then squid2 shouldnt ask me authentication. I'm not really shure > > if ICP or HTCP cand do this. Squis farm is balanced by an external > > apliance so we dont know what squidN is responding to replay. > > As long as all the proxies use the same data source to authenticate > against, no extra work will be required. HTTP is a stateless protocol, > so the browser passes authentication details along with every request > that should require it. > > > I home someone could give me any clue. > > > > Regards, > > > > LD > > Chris
