Hi, Greetings to all from a new user to the list. A little background on my implementation scenario: * There are around 60 site offices * Each site has around 5-6 users * Head Office has 100+ users * Currently we are back-hauling all the traffic to HO and using squid for access control The obvious drawback is that site offices are not able to utilise their full bandwidth (DSL 512kbps - 1Mbps) as HO is the bottleneck with 4Mbps of 1:1 line. The alternative solution that we are working on is to: 1. Configure squid on a hosted server 2. Ask all the users to configure the hosted proxy 3. Squid will be configured for Authentication 4. Authentication has to be done against IMAPS server Now, the problem is, we can not use BASIC auth over public Internet and if we use DIGEST auth, we can not authenticate against IMAP. I had a look at external_acl_type authentication mechanism discussed in the list and have configured something like: external_acl_type hosted_auth ttl=0 %SRC /etc/squid/auth.pl acl loggedin external hosted_auth deny_info https://hostedserver/auth.html loggedin http_access deny !loggedin http_access allow all This auth.pl will check against a session DB (probably MySql) if user is already authenticated or not. While the HTML file displays a login form over HTTPS and sends request to a CGI script which authenticates against IMAPS and populates the DB with session information. I understand that I can not use cookies for authentication as browser will not include cookie set by our authentication page for request to other domains. I went through Amos' ext_sql_session_acl.pl which I am planning to use in place of auth.pl. But here's another catch - since there are more than 1 users behind the NAT, what parameters like %SRC could be used to identify a user uniquely in the session database, which should be persistently present in every request to Squid? I see a mention of the UUID tokens in the script as well, but was not able to understand how to use them. Any pointers would be of great help. Thanks & regards, Nishant
