On 7/10/2014 5:08 p.m., Victor Sudakov wrote:
> James Harper wrote:
>>> No, adding Basic is not an option because I will have to
>>> provide special "proxy passwords" to the users, or make them
>>> enter their Windows passwords by hand. This is highly
>>> undesirable. Once they logon into Windows, they must have (or
>>> not have) Web access transparently.
>>>
>>> If you know how to achieve SSO with Basic auth, please share.
>>>
>>
>> I have a few ideas for out-of-band SSO, some of which I have
>> experimented with...
>
> [dd]
>
>>
>> 3. some bastardisation of identd. I've posted before about this.
>> Identd assumes that the destination server is asking "who owns
>> this connection" and so only gives port numbers because the IP is
>> assumed from the ident connection (I have patched squid to fake
>> the source address of the destination server so it works in
>> transparent mode). Ident also has some serious security
>> shortcomings, but they wouldn't be hard to solve. This new ident
>> protocol would need:
>
> I even know/use a couple of identd services for Windows,
> http://sourceforge.net/projects/retinascan/ is a good one.
>
> The sad irony is that ident lookups are also broken in squid34
> (the ident code leaks memory).
>

With a patch. http://bugs.squid-cache.org/show_bug.cgi?id=3803.

The upstream version is also in there awaiting feedback on whether it
works before being applied to stables.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users