Search squid archive

Re: can squid handle indirect request from clients ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey,
There are couple ways to look at authentication and some would sometimes trade authorization to authentication and vise versa.
In some environments there is a mix of both terms which is required to build a logical service unit. I do not have all my archives but I remember that someone have asked about some single sign on system which grants access using a login page to many in campus systems. 
It was based on a very complex system which I do not remember right now.
There are options to run some process triggered by a radius server login or any other system that would be considered the authorization authority to mark a specific IP as ALLOWED or under some group. I know that there are many network systems which uses a network level authorization and it is very useful. The main difference between directly authenticating to squid vs 3rd party authentication is the way and level of authentication.
For example a radius server with an enterprise level switch and\or wifi access point can provide authentication encryption layer which squid direct authentication cannot provide and no matter what you will do. Of course that in many cases it will require absolute reliability and should not allow mistakes. One rule of thumb in the raidus lands network authentication security level is: 
Every authenticated user can be only identified with one IP at a time.
So yes squid doesn't support a direct proxy authentication level in intercept and tproxy modes BUT using some external_acl helpers it's pretty simple to connect squid and an external authentication system. Here the answer turns the tables and makes it possible to authenticate even in intercept and tproxy mode but not at the same way many might think of. 

All The Bests,
Eliezer

On 18/02/2015 04:04, snakeeyes wrote:

Thanks eleizer , but does it support other types like radius authentication ?

I mean all types of  authentications are forbidden in intercept mode ?



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux