Gavin McCullagh wrote:
On Thu, 14 May 2009, Amos Jeffries wrote:
What can be done is to glean some details such as machine IP and do some
local not-quite-auth testing on it to see who is logged in and get their
username back (NP: not password). AD may be able to map IP to current
user. This has to be done in the background with an external_acl_type
helper. It's called out-of-band authorization.
Are there any docs or howtos around on this? We use authentication one one
subnet, but it's a bit of a pain. We're not really that concerned to
require people to remember passwords, we just want to work out who the user
is with a reasonable level of accuracy. Authenticated proxies seem to
break various clients so if out-of-band might be an interesting
alternative.
Gavin
Nothing easy to understand tat I know of. It's kind of wrapped in the
specific local management systems you use, to pull the IP out of the
request and compare it to some local database.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
Current Beta Squid 3.1.0.7
