On Tue, 21 Jul 2009 14:41:38 -0400, "Schuetz, Charles" <cschuetz@xxxxxxxxxxx> wrote:

> We are currently using Squid 3.0 Stable 13. We are currently sending
> everyone through the proxy/cache. We are implementing a user based web
> content filtering solution (not a Linux based solution) that authenticates
> users against eDirectory. The current solution sends all users who use the
> proxy server as a guest account as the Squid box does not hit against
> eDirectory.
>
> My question is this, if I set up the Squid caching server to use the
> external authentication (LDAP), will it pass the eDirectory credentials onto
> the web filter or will it not pass them at all. So if a client computer logs
> into Novell with the username jsmith will it pass jsmith to the web
> filter or will it not pass any username?

Try the Squid eDirectory auth helper.

It depends on how the other system is plugged into Squid as to how and what gets passed along.

If the filtering solution is an HTTP peer hop the cache_peer option "login=PASS" (with exact text 'PASS' meaning pass-thru) will cause Squid to relay the credentials it gets given to the peer. AFAIK this only works for basic auth credentials in 3.0.

If the filtering solution is ICAP capable, then everything received from the client goes through to the ICAP server AFAIK.

If the filtering solution is a redirector the login is not passed, only the username if known.

If the filtering solution is an external ACL the username/pass combo (%LOGIN) or the full raw auth headers (%{Proxy-Authentication} and %{WWW-Authentication}) can be passed.

Amos

>
> Thank you,
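A squid.conf sketch of the cache_peer case from the reply above, added here as an illustration and not taken from the thread. The helper path, LDAP host, base DN, search filter and peer host/port are placeholder assumptions; squid_ldap_auth (Basic auth over LDAP) is used because the reply notes that login=PASS relays only Basic credentials in 3.0.

```conf
# --- Authenticate clients with HTTP Basic against the directory over LDAP ---
# Placeholder values: helper path, base DN (-b), search filter (-f), host (-h).
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "o=example" -f "cn=%s" -h ldap.example.com
auth_param basic children 5
auth_param basic realm Web proxy
auth_param basic credentialsttl 2 hours

# Require a valid login before any request is served.
acl authed proxy_auth REQUIRED
http_access allow authed
http_access deny all

# --- Hand requests to the web filter as a parent HTTP peer ---
# login=PASS relays the Proxy-Authorization header Squid received from the
# client. With Basic auth that header carries the username AND the password
# (base64, not encrypted), so the filter sees both. Keep the Squid-to-filter
# hop on a trusted network segment.
cache_peer filter.example.com parent 8080 0 no-query default login=PASS

# Never bypass the filter by going direct to origin servers.
never_direct allow all
```

After a `squid -k reconfigure`, a request sent with valid credentials should show the username in Squid's access.log, and the filter's own log should attribute the request to the same user instead of the guest account.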