On 12/11/10 04:08, Edmonds Namasenda wrote:
Thank you all.
On Thu, Nov 11, 2010 at 4:19 PM, Amos Jeffries<squid3@xxxxxxxxxxxxx> wrote:
On 12/11/10 01:22, Edmonds Namasenda wrote:
No continuous authentication required with every URL accessed or
re-directions once the first log-in is accepted.
Understood. That is not possible.
HTTP is by design stateless. Each single TCP connection being able to be
used identically by both a single end-user browser or a middleware proxy
serving multiple users. Even if you believe your end-users are all browsers
you will likely be wrong at some point.
That means every URL accessed will ask for a password from the users.
Then password authentication by squid is not advisable for corporate
end users... it is an inconvenience.
Amos
I believe I am a better squid administrator than when I joined. Throw me a bone!
Switch "users" with "browsers" and you have it right. There is a whole
layer of software between squid and the people at the screen.
The browser is supposed to remember these things once the person has
entered them. Or as in the case of Kerberos, to locate the credentials
without bothering the person at all.
If you are seeing a browser repeatedly asking for login then there is a
problem with the browser. Those can occasionally be hit by something it
does not like coming back from Squid. When that happens some network
forensics are needed to figure out whats going on.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3