>> -----Original Message-----
>> From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
>> Sent: Friday, September 19, 2008 2:31 PM
>> To: Andrew Struiksma
>> Cc: 'squid-users@xxxxxxxxxxxxxxx'
>> Subject: Re: Reverse proxy with LDAP authentication
>>
>> On fre, 2008-09-19 at 13:04 -0700, Andrew Struiksma wrote:
>> > We have a company intranet server running Apache2 on Debian 4.
>> > Currently it is only available on our LAN. We would like to make it
>> > available outside our LAN. However, we want users to have to
>> > authenticate against our Active Directory when they are coming from
>> > the outside. Once they have authenticated, they should have full
>> > access to the internal website. Is this something that Squid can do?
>>
>> Yes, with some limitations.
>>
>> The limitation is that there is only one authentication slot
>> in HTTP, so if the web server also uses HTTP authentication
>> then it needs to use the exact same authentication (basic
>> authentication to the same password backend), or you need to
>> set up a special authentication peering between the two (see
>> the login= cache_peer option).
>>
>>
>> Note: If the web server is only using cookie based forms
>> authentication then there is nothing to worry about.
>
> The main website used form based cookie authentication but can also use
> HTTP authentication. Is there a sample squid.conf on how to perform the
> reverse proxy + AD authentication?
>
> Thanks for the info.
>
> Andrew
>

Accelerator mode uses the WWW-Authentication headers for auth just like any web server would.
To pass it back further to the real webserver the cache_peer gets a small tweak:

http://wiki.squid-cache.org/SquidFaq/ReverseProxy#head-c59962b21bb8e2a437beb149bcce3190ee1c03fd

Amos
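
A squid.conf sketch of the setup discussed in this thread, added here as an example (it is not from the thread participants or the Squid wiki): LAN clients reach the intranet site without a prompt, outside clients must authenticate against Active Directory, and the credentials are passed on to the web server with the login= cache_peer option. All hostnames, addresses, LDAP DNs, the helper path and the secret-file path are constructed placeholders.

```conf
# Added example; every hostname, address, DN and path below is a constructed placeholder.

# Reverse-proxy (accelerator) listener. Basic auth credentials are only
# base64-encoded, so outside traffic should reach this over TLS.
http_port 80 accel defaultsite=intranet.example.com

# Internal Apache server. login=PASS forwards the client's credentials to
# the origin, which must then check them against the same password backend.
cache_peer 192.0.2.10 parent 80 0 no-query originserver login=PASS name=intranet

# Basic authentication checked against Active Directory over LDAP.
# Helper name and location vary by Squid version and distribution.
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=example,dc=com" -D "cn=squid-bind,cn=Users,dc=example,dc=com" -W /etc/squid/ldap.secret -f "sAMAccountName=%s" -h dc1.example.com
auth_param basic children 5
auth_param basic realm Company intranet
auth_param basic credentialsttl 1 hour

acl intranet_site dstdomain intranet.example.com
acl lan src 10.0.0.0/8
acl ad_users proxy_auth REQUIRED

# Only the published site is reachable; LAN clients skip authentication,
# everyone else must present valid AD credentials.
http_access deny !intranet_site
http_access allow lan
http_access allow ad_users
http_access deny all

# Send requests for the published site, and nothing else, to the origin.
cache_peer_access intranet allow intranet_site
cache_peer_access intranet deny all
```

login=PASS is only needed when the web server itself does HTTP authentication; with cookie-based forms login alone it can be left off.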