On Wed, 21 Jul 2010 21:21:05 -0700 (PDT), rscho <rudi.schoebel@xxxxxxxxxxxxx> wrote: > We've used SquidNT 2.7 using the fakeauth_auth helper to log users requests "SquidNT" was an experimental development branch. I hope you mean the Squid windows build from Acme. > without authentication. It silently gets the user name without the browser > having to request the user to supply credentials, which is what we require. > > We're trying to move to a Ubuntu server and none of the pre-built binaries > include fakeauth_auth. We'd prefer not to have to compile our own squid > because our IT policy states we must remain compliant with Ubuntus' apt-get > update mechanism. > > To get around this we've written c & python helpers that can extract the > username and supply "OK user=UserName" to squid, but not without the > browser > prompting the user for this information. Is there a way without > fakeauth_auth to have squid or a helper silently obtain the username from a > users browser? > > Any pointers, links or examples would much appreciated. You seem to be under a misconception about how fakeauth works. It does not retrieve the username silently from the browser, it uses the regular username retrieval methods and says OK for every piece of garbage that comes back regardless of whether the response was a valid user login or not. The silent bit comes from browsers being able to fetch NTLM credentials from the operating system without user approval. This should work regardless of the Squid authenticator. It only becomes a popup when the browser sends invalid credentials and gets challenged to supply valid ones. I've added the old perl version called no_check.pl to the Squid FTP at ftp://ftp.squid-cache.org/pub/squid/contrib/no_check (may take a short while for the mirrors to pick it up). Please make a feature-request bug to the Debian package maintainer to include the fake helpers. Amos
