On 16/04/11 12:30, Joachim Wiedorn wrote:
Hello,
since some days I search for the way how I can use the login data of the
user on his computer (client) for authentication check while he is using
his browser.
As I have understood if I activate authentication in /etc/squid3/squid.conf
then the browser ask the user at the first time of web access for username
and password. But the user always have done a login on this client computer
so why must I start this second authentication check of the user?
This way would be useful for use with LDAP or AD, but also with PAM
authentication.
Does anywhere know the solution?
There are two.
1) Use a browser configured to send the machine login as if it was a
network login. (holy wars are fought over whether this is a good idea or
even safe).
2) use IDENT protocol to query the machine about what user is logged in.
This stops being authentication though. It is hard to determine if the
machine logged in user is actually the software making the request (or
just a virus etc running while they are logged in or someone else
"connection sharing" through that login).
Oh and (2) is firewalled widely around the net for security. So only
works reliably on LAN.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.6
