On Tue, 9 Aug 2011 17:45:10 -0400, Nathan Rice wrote:
Hello all,
I apologize if I missed this when I was perusing the squid
documentation. I am looking for caching proxy with the ability to
transparently authenticate at a remote site on behalf of users. For
example, a user requests page X, which requires a password; the squid
server fetches this page on behalf of the user, providing canned
credentials when required; squid then serves this page to the user
without requiring any password.
Is this possible with squid? If so, could someone kindly point me to
the relevant section of the documentation?
Thank you,
Nathan Rice
Site credentials are normally restricted very strictly to
browser->website communication and the proxy does not take part.
That said, for specific site(s) you can configure an explicit
originserver cache_peer link to the web server. Using the login= option
to send credentials for all requests down that link.
http://www.squid-cache.org/Doc/cofnig/cache_peer
These are restricted to insecure Basic auth credentials in all squid.
Latest releases extend this to include Negotiate/Kerberos auth as
mentioned in that doc.
NOTE that in any event the user is never actually authenticated. What
goes down the link may in fact be multiple interleaved "users" on the
receiving side of Squid. The only thing that type of auth validates is
that the request came through your Squid. Be careful.
Amos
