Re: [squid-users] ACLs Implementation help

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 12 Nov 2010 04:56:02 +1300

On 12/11/10 04:08, Edmonds Namasenda wrote:
> Thank you all.
>
> On Thu, Nov 11, 2010 at 4:19 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>> On 12/11/10 01:22, Edmonds Namasenda wrote:
>>>
>>> No continuous authentication required with every URL accessed or
>>> re-directions once the first log-in is accepted.
>>
>> Understood. That is not possible.
>>
>> HTTP is by design stateless. Each single TCP connection being able to be
>> used identically by both a single end-user browser or a middleware proxy
>> serving multiple users. Even if you believe your end-users are all browsers
>> you will likely be wrong at some point.
>>
> That means every URL accessed will ask for a password from the users.
> Then password authentication by squid is not advisable for corporate
> end users... it is an inconvenience.
>>
>> Amos
>>
> I believe I am a better squid administrator than when I joined. Throw me a bone!
>

Switch "users" with "browsers" and you have it right. There is a whole
layer of software between squid and the people at the screen.

The browser is supposed to remember these things once the person has
entered them. Or as in the case of Kerberos, to locate the credentials
without bothering the person at all.

If you are seeing a browser repeatedly asking for login then there is a
problem with the browser. Those can occasionally be hit by something it
does not like coming back from Squid. When that happens some network
forensics are needed to figure out whats going on.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Thu Nov 11 2010 - 15:56:07 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 12 2010 - 12:00:02 MST