[squid-users] Simple pass-through authentication?

From: Kelly, Jack <Jack.Kelly_at_wsdevelopment.com>
Date: Tue, 1 Dec 2009 11:05:57 -0500

Hi everyone,

I have a very broad question that I simply can't seem to find enough
documentation on.

In my environment, my users are authenticating against a S2003 domain
controller using squid_ldap_auth. I'm doling out permissions to access
certain websites this way and it's working splendidly.

Each time they open a web browser, they're prompted for their
credentials. This is fine, but to reduce 'annoy' factor I'd really like
to find a way to implement a pass-through solution. I've been able to
find tidbits here and there on how to accomplish this with ntlm, but I
haven't seen any concrete examples of what to put in my conf file.

Below are the relevant lines. Simply put, could someone briefly describe
what packages I need to add + configure, and what lines need to be added
to my conf file? (Running Squid 3.1 on Debian.) Any articles you think
would help would also be appreciated.

Thanks!

auth_param basic program /usr/lib/squid3/squid_ldap_auth -b "<redacted>"
-D "<redacted>" -w <redacted> -d -f "sAMAccountName=%s" -h <redacted>
auth_param basic children 5
auth_param basic realm Proxy Service
auth_param basic credentialsttl 2 hours

Jack
 
--------------------------------------------------------

This message (and any associated files) is the property of
S. R. Weiner and Associates Inc. and W/S Development Associates LLC
and is intended only for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
subject to copyright or constitutes a trade secret. If you are not
the intended recipient you are hereby notified that any dissemination,
copying or distribution of this message, or files associated with this
message, is strictly prohibited. If you have received this message
in error, please notify us immediately by calling our corporate office
at 617-232-8900 and deleting this message from your computer.

Internet communications cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed,
arrive late or incomplete, or contain viruses. Therefore, S. R. Weiner
and Associates, Inc. and W/S Development Associates LLC do not accept
responsibility for any errors or omissions that are present in this
message, or any attachment, that have arisen as a result of e-mail
transmission. If verification is required, please request a hard-copy
version of this message.

Any views or opinions presented in this message are solely those of
the author and do not necessarily represent those of the company.
Received on Tue Dec 01 2009 - 16:06:35 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 02 2009 - 12:00:01 MST