Re: [PATCH] OAuth 2.0 Bearer authentication

2014-08-09 Thread Alex Rousskov
entry instead of checking the cache >> state every hour. > I agree. However this is a common algorithm for all of Squid > authentication types. Updating it should be done as a separate action > and cover more than just this auth scheme. In particular the core cache > code is share

Re: [PATCH] OAuth 2.0 Bearer authentication

2014-08-09 Thread Amos Jeffries
However this is a common algorithm for all of Squid authentication types. Updating it should be done as a separate action and cover more than just this auth scheme. In particular the core cache code is shared by Basic and Digest. >> +// only clear tokens out of cache after

Re: [PATCH] OAuth 2.0 Bearer authentication

2014-08-04 Thread Alex Rousskov
On 07/31/2014 03:29 AM, Amos Jeffries wrote: > A garbage collection TTL "cleanup_interval" is configurable and removes > cache entries which have been stale for at least 1 hr. While some old code still uses periodic cleanup, I think we should avoid adding more code like that. Periodic cleanup le

[PATCH] OAuth 2.0 Bearer authentication

2014-07-31 Thread Amos Jeffries
RFC 6750 OAuth 2.0 Authorization Framework: Bearer Token Usage The attached patch adds a minimal implementation of Bearer authentication scheme to Squid. It consists of three components: 1) Squid build system infrastructure for building Bearer authentication 2) A testing fake-auth helper

Re: [PATCH] Fix documentation for key_extras authentication helper parameter

2014-01-30 Thread Amos Jeffries
xpanded key_extras value is added to the Squid credentials cache and, > hence, will affect authentication. > > Please review that the added documentation cover most of the problems > will may appear by key_extras misuse. > Problem: s/ dentical / identical / I doubt we truly kno

[PATCH] Fix documentation for key_extras authentication helper parameter

2014-01-29 Thread Tsantilas Christos
affect authentication. Please review that the added documentation cover most of the problems will may appear by key_extras misuse. Regards, Christos === modified file 'src/cf.data.pre' --- src/cf.data.pre 2014-01-12 17:51:12 + +++ src/cf.data.pre 2014-01-27 10:06:21 + @@ -313,

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-12-06 Thread Tsantilas Christos
Amos Jeffries wrote: >>> On 23/11/2013 5:42 a.m., Tsantilas Christos wrote: >>>> I am sending a new patch which I hope meets the requirements. >>>> >>>> It supports only one %key_extras authentication scheme parameter. This >>>> is just

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-12-05 Thread Tsantilas Christos
ending a new patch which I hope meets the requirements. >>> >>> It supports only one %key_extras authentication scheme parameter. This >>> is just append to the current request line format. >> >> >> Thank you. Looks much better. >> >> >>

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-22 Thread Amos Jeffries
On 23/11/2013 5:42 a.m., Tsantilas Christos wrote: > I am sending a new patch which I hope meets the requirements. > > It supports only one %key_extras authentication scheme parameter. This > is just append to the current request line format. Thank you. Looks much better.

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-19 Thread Alex Rousskov
On 11/19/2013 07:46 PM, Amos Jeffries wrote: > On 20/11/2013 12:49 p.m., Alex Rousskov wrote: >> On 11/19/2013 04:01 PM, Amos Jeffries wrote: > > >>> If you want to omit it from this patch and do it as a second one that >>> would be okay. >> >> I do not like the idea of increasing the amount of w

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-19 Thread Amos Jeffries
On 20/11/2013 12:49 p.m., Alex Rousskov wrote: > On 11/19/2013 04:01 PM, Amos Jeffries wrote: >> If you want to omit it from this patch and do it as a second one that >> would be okay. > > I do not like the idea of increasing the amount of work further by > splitting this feature into two. I thi

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-19 Thread Alex Rousskov
On 11/19/2013 04:01 PM, Amos Jeffries wrote: > On 2013-11-20 08:11, Alex Rousskov wrote: >> On 11/19/2013 02:54 AM, Tsantilas Christos wrote: >> >>> My understanding is that we need: >>> 1) Allow configuring the request format using one of the following: >>>a) Use a request_format configuration

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-19 Thread Amos Jeffries
On 2013-11-20 08:11, Alex Rousskov wrote: On 11/19/2013 02:54 AM, Tsantilas Christos wrote: My understanding is that we need: 1) Allow configuring the request format using one of the following: a) Use a request_format configuration parameter plus the %credentials formatting code b) Use th

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-19 Thread Alex Rousskov
On 11/19/2013 02:54 AM, Tsantilas Christos wrote: > My understanding is that we need: > 1) Allow configuring the request format using one of the following: >a) Use a request_format configuration parameter plus the > %credentials formatting code >b) Use the following request format: >

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-19 Thread Tsantilas Christos
On 11/18/2013 10:11 PM, Alex Rousskov wrote: > On 11/18/2013 10:51 AM, Tsantilas Christos wrote: >> On 11/17/2013 07:00 AM, Alex Rousskov wrote: >>> On 11/16/2013 08:01 PM, Amos Jeffries wrote: On 17/11/2013 3:21 p.m., Alex Rousskov wrote: >auth_param digest key_suffix "%lp" >>> H

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-19 Thread Tsantilas Christos
On 11/18/2013 10:39 PM, Amos Jeffries wrote: > On 2013-11-19 08:47, Alex Rousskov wrote: >> On 11/18/2013 10:57 AM, Tsantilas Christos wrote: >>> On 11/15/2013 05:11 PM, Amos Jeffries wrote: in src/auth/ntlm/UserRequest.cc: * the YR and KK are lookups codes, not part of the credentia

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-18 Thread Amos Jeffries
On 2013-11-19 08:47, Alex Rousskov wrote: On 11/18/2013 10:57 AM, Tsantilas Christos wrote: On 11/15/2013 05:11 PM, Amos Jeffries wrote: in src/auth/ntlm/UserRequest.cc: * the YR and KK are lookups codes, not part of the credentials. They must be first on the helper query line and not manipula

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-18 Thread Alex Rousskov
On 11/18/2013 10:51 AM, Tsantilas Christos wrote: > On 11/17/2013 07:00 AM, Alex Rousskov wrote: >> On 11/16/2013 08:01 PM, Amos Jeffries wrote: >>> On 17/11/2013 3:21 p.m., Alex Rousskov wrote: auth_param digest key_suffix "%lp" >> >>> Halfway: key_extras ? >> >> >> Works for me. > > Jus

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-18 Thread Alex Rousskov
On 11/18/2013 10:57 AM, Tsantilas Christos wrote: > On 11/15/2013 05:11 PM, Amos Jeffries wrote: >> in src/auth/ntlm/UserRequest.cc: >> >> * the YR and KK are lookups codes, not part of the credentials. They >> must be first on the helper query line and not manipulable by the admin. >> - same prob

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-18 Thread Tsantilas Christos
On 11/17/2013 07:00 AM, Alex Rousskov wrote: > On 11/16/2013 08:01 PM, Amos Jeffries wrote: >> On 17/11/2013 3:21 p.m., Alex Rousskov wrote: >>>auth_param digest key_suffix "%lp" > >> Halfway: key_extras ? > > > Works for me. Just to summarize. Is this means that the request_realm renamed

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-18 Thread Tsantilas Christos
On 11/15/2013 05:11 PM, Amos Jeffries wrote: > in src/auth/ntlm/UserRequest.cc: > > * the YR and KK are lookups codes, not part of the credentials. They > must be first on the helper query line and not manipulable by the admin. > - same problem in Negotiate as well. If we remove the lookupcodes

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-16 Thread Alex Rousskov
On 11/16/2013 08:01 PM, Amos Jeffries wrote: > On 17/11/2013 3:21 p.m., Alex Rousskov wrote: >>auth_param digest key_suffix "%lp" > Halfway: key_extras ? Works for me. Alex.

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-16 Thread Amos Jeffries
On 17/11/2013 3:21 p.m., Alex Rousskov wrote: > On 11/15/2013 11:49 PM, Amos Jeffries wrote: >>>> Now about the name: "realm_format" is a bad choice IMO because some >>>> folks will think that it controls the format of the authentication realm >>>>

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-16 Thread Alex Rousskov
On 11/15/2013 11:49 PM, Amos Jeffries wrote: >> > Now about the name: "realm_format" is a bad choice IMO because some >> > folks will think that it controls the format of the authentication realm >> > string displayed to the user (for schemes where we can spec

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-15 Thread Amos Jeffries
>> The attached patch add the "auth_param request_format" and "auth_param >>>>> request_realm" to proxy authentication schemes. >>>>> >>>>> The request_format value used to define the format of the helper request >>>>> li

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-15 Thread Alex Rousskov
" and "auth_param >>>> request_realm" to proxy authentication schemes. >>>> >>>> The request_format value used to define the format of the helper request >>>> line. It is a "quoted string" with logformat %macro support. A new >>>

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-15 Thread Amos Jeffries
On 16/11/2013 6:13 a.m., Alex Rousskov wrote: > On 11/15/2013 08:11 AM, Amos Jeffries wrote: >> On 30/10/2013 5:13 a.m., Tsantilas Christos wrote: >>> The attached patch add the "auth_param request_format" and "auth_param >>> request_realm"

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-15 Thread Alex Rousskov
On 11/15/2013 08:11 AM, Amos Jeffries wrote: > On 30/10/2013 5:13 a.m., Tsantilas Christos wrote: >> The attached patch add the "auth_param request_format" and "auth_param >> request_realm" to proxy authentication schemes. >> >> The request_forma

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-15 Thread Amos Jeffries
On 30/10/2013 5:13 a.m., Tsantilas Christos wrote: > Hi all, > > The attached patch add the "auth_param request_format" and "auth_param > request_realm" to proxy authentication schemes. > > The request_format value used to define the format of the helper

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-15 Thread Tsantilas Christos
On 11/14/2013 10:01 PM, Amos Jeffries wrote: > On 2013-11-14 22:36, Tsantilas Christos wrote: >> ping for this patch... >> >> If not objection I will commit this patch to trunk >> > > I'd like to have another read through it before that happens. Sorry. > Will try to get that done later today. No

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-14 Thread Amos Jeffries
On 2013-11-14 22:36, Tsantilas Christos wrote: ping for this patch... If not objection I will commit this patch to trunk I'd like to have another read through it before that happens. Sorry. Will try to get that done later today. Amos

Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

2013-11-14 Thread Tsantilas Christos
ping for this patch... If not objection I will commit this patch to trunk Regards, Christos On 10/29/2013 06:13 PM, Tsantilas Christos wrote: > Hi all, > > The attached patch add the "auth_param request_format" and "auth_param > request_realm" to proxy

[RFC] Configurable authentication helper requests

2013-10-10 Thread Alex Rousskov
est_format should come from logformat codes where available (and we can add new ones where needed). I used more readable names for illustration purposes only. This feature is needed for Squid admins that have to use different internal authentication lookup algorithms(*) depending on various transaction

Re: [PATCH] cert based client authentication

2012-09-05 Thread Tsantilas Christos
>> >> The TLS/SSL options configured with http_port configuration parameter >> does not used to generate SSL_CTX context objects used to establish SSL >> connections. This is means that certificate based authentication, or SSL >> version selection and other SSL/TLS http

Re: [PATCH] cert based client authentication

2012-08-31 Thread Tsantilas Christos
> connections. This is means that certificate based authentication, or SSL > version selection and other SSL/TLS http_port options does not work for > ssl-bumped connection. > > This patch fixes this problem. > > This is a Measurement Factory project >

[PATCH] cert based client authentication

2012-08-09 Thread Tsantilas Christos
TLS/SSL Options does not apply to the dynamically generated certificates The TLS/SSL options configured with http_port configuration parameter does not used to generate SSL_CTX context objects used to establish SSL connections. This is means that certificate based authentication, or SSL version

Re: ntlm authentication concurrency

2011-12-14 Thread Henrik Nordström
Wed 2011-12-14 at 13:46 +1300, Amos Jeffries wrote: > The reason why it is not supported is that NTLM (and Negotiate to a > lesser degree) protocol is stateful and spreads pieces of the > challenge/token-exchange/credentials-response over several HTTP > requests. To handle this each hel

Re: ntlm authentication concurrency

2011-12-13 Thread Amos Jeffries
ce. Among those features, there is one missing and I cannot get why : ntlm authentication concurrency. You have released a multiplexer for old helpers (and I have written a new one with some new features like wiping unused helpers,...) and Squid supports the protocol, but actually concurrency on 3

ntlm authentication concurrency

2011-12-13 Thread Vincent Miszczak
why : ntlm authentication concurrency. You have released a multiplexer for old helpers (and I have written a new one with some new features like wiping unused helpers,...) and Squid supports the protocol, but actually concurrency on 3.1 (we are talking of production suitable products) cannot be

Re: Authentication against SQLite

2011-06-15 Thread Amos Jeffries
On Thu, 16 Jun 2011 00:51:36 +0430, Majid Azimi wrote: Hi guys, Are squid core developers interested in providing authentication against SQLite? the current auth_db helper is only authenticating against MySQL. The DB helper accepts any SQL database. MySQL is only the default. Use the --dsn

Authentication against SQLite

2011-06-15 Thread Majid Azimi
Hi guys, Are squid core developers interested in providing authentication against SQLite? the current auth_db helper is only authenticating against MySQL.

Re: [PATCH] NTLM authentication broken for Mozilla/3.0 User-Agents

2011-01-25 Thread Amos Jeffries
On 25/01/11 20:56, Fabian Hugelshofer wrote: Hi, On 12/01/11 00:14, Henrik Nordström wrote: Tue 2011-01-11 at 11:37 +0100, Fabian Hugelshofer wrote: What do you think about removing the special handling for Mozilla/3 and Netscape/3 agents from HttpMsg.cc? +1 from me. How large is the

[PATCH] NTLM authentication broken for Mozilla/3.0 User-Agents

2011-01-24 Thread Fabian Hugelshofer
Hi, On 12/01/11 00:14, Henrik Nordström wrote: Tue 2011-01-11 at 11:37 +0100, Fabian Hugelshofer wrote: What do you think about removing the special handling for Mozilla/3 and Netscape/3 agents from HttpMsg.cc? +1 from me. How large is the chance that there is still an affected browser

Re: NTLM authentication broken for Mozilla/3.0 User-Agents

2011-01-12 Thread Henrik Nordström
Wed 2011-01-12 at 12:57 +1300, Amos Jeffries wrote: > There are two cases here, the Netscape one, yes is close to none. > However as you pointed out there are download agents using Mozilla/3.0. > How certain are we that the second hack case for that agent string is > not aimed at a popular

Re: NTLM authentication broken for Mozilla/3.0 User-Agents

2011-01-11 Thread Amos Jeffries
On 12/01/11 12:14, Henrik Nordström wrote: Tue 2011-01-11 at 11:37 +0100, Fabian Hugelshofer wrote: What do you think about removing the special handling for Mozilla/3 and Netscape/3 agents from HttpMsg.cc? +1 from me. How large is the chance that there is still an affected browser in u

Re: NTLM authentication broken for Mozilla/3.0 User-Agents

2011-01-11 Thread Henrik Nordström
Tue 2011-01-11 at 11:37 +0100, Fabian Hugelshofer wrote: > What do you think about removing the special handling for Mozilla/3 and > Netscape/3 agents from HttpMsg.cc? +1 from me. > How large is the chance that there is still an affected browser in use? Pretty close to none. And if there

NTLM authentication broken for Mozilla/3.0 User-Agents

2011-01-11 Thread Fabian Hugelshofer
a software upgrade tool (http://www.kcsoftwares.com/index.php?sumo) that uses "Mozilla/3.0 (compatible)" as User-Agent string. According to www.user-agents.com this string is used by some download managers. The problem occurs in an environment that uses NTLM authentication. The upgrade tool sup

HTTP Digest authentication support in Squid

2010-07-12 Thread Chitresh Kakwani
deals with the parent proxy's authorization and provides authorization free access to programs on my machine. But the local proxy sends HTTP Basic authentication header in HTTP requests if the following configuration directive is used : cache_peer 192.168.10.1 parent 8080 0 no-query

Re: Authentication based on ip address

2010-05-03 Thread Henrik Nordström
Mon 2010-05-03 at 15:58 +0100, Michael Graham wrote: > My current feeling is that I will need to send the IP address to the > helpers. This would mean putting the IP address into the > AuthUserRequest and then adding a configuration option to the send the > address. My preference would be to

Authentication based on ip address

2010-05-03 Thread Michael Graham
Hi all, I'm interested in being able to authenticate to different LDAP servers or to only allow transparent authentication from some IP addresses. I've had a brief look at the wiki[1] but it doesn't seem to work correctly with NTLM authentication. My current feeling is that I wi

Re: [squid-users] Squid ftp authentication popup

2009-10-06 Thread Amos Jeffries
On Wed, 07 Oct 2009 02:48:37 +0200, Henrik Nordstrom wrote: > Wed 2009-10-07 at 13:09 +1300, Amos Jeffries wrote: > >> 3.0 uses a generic fail() mechanism to send results back. That mechanism >> seems not to add the Proxy-Auth reply header at all. 3.0 also was only >> parsing the URL and conf

Re: [squid-users] Squid ftp authentication popup

2009-10-06 Thread Henrik Nordstrom
Wed 2009-10-07 at 13:09 +1300, Amos Jeffries wrote: > 3.0 uses a generic fail() mechanism to send results back. That mechanism > seems not to add the Proxy-Auth reply header at all. 3.0 also was only > parsing the URL and config file. Popup re-sends contain the auth in headers > not URL. Stra

Re: [squid-users] Squid ftp authentication popup

2009-10-06 Thread Amos Jeffries
On Tue, 06 Oct 2009 23:25:35 +0200, Henrik Nordstrom wrote: > Wed 2009-10-07 at 10:06 +1300, Amos Jeffries wrote: > >> Firefox-3.x will happily popup the ftp:// auth dialog if the proxy-auth >> header is sent. >> There were a few bugs which got fixed in the 3.1 re-writes and made squid >> sta

Re: [squid-users] Squid ftp authentication popup

2009-10-06 Thread Henrik Nordstrom
Wed 2009-10-07 at 10:06 +1300, Amos Jeffries wrote: > Firefox-3.x will happily popup the ftp:// auth dialog if the proxy-auth > header is sent. > There were a few bugs which got fixed in the 3.1 re-writes and made squid > start to send it properly. It's broken in 3.0, not sure if it's the same

Re: [squid-users] Re: squid 2.7 - problems with kerberos authentication

2009-09-02 Thread Markus Moeller
Subject: Re: [squid-users] Re: squid 2.7 - problems with kerberos authentication On 2 September 2009 at 14:32, Дмитрий Нестеркин (undelb...@gmail.com) wrote: external_acl_type ldap_check ttl=1200 %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=mydomain,dc=local" -f "(&a

Re: /bzr/squid3/trunk/ r9933: Fully transparent PASSTHRU option for authentication to peers.

2009-08-26 Thread Amos Jeffries
Note to the list: after discussion on IRC things have changed. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13

Re: /bzr/squid3/trunk/ r9933: Fully transparent PASSTHRU option for authentication to peers.

2009-08-26 Thread Henrik Nordstrom
ve with real pass-thru. They only synthesise if there is nothing to pass-thru. > The fact that the first two were abusable as pass-thru and PASS in > particular in too many guides used as semantic transparent pass-thru is > a problem. How so? > > PASS -> WWW+Proxy authen

Re: /bzr/squid3/trunk/ r9933: Fully transparent PASSTHRU option for authentication to peers.

2009-08-25 Thread Amos Jeffries
transparency The fact that the first two were abusable as pass-thru and PASS in particular in too many guides used as semantic transparent pass-thru is a problem. PASS -> WWW+Proxy authentication passed along as-is if present. external_acl auth added as basic Proxy-Auth if none present. Idea

Re: /bzr/squid3/trunk/ r9933: Fully transparent PASSTHRU option for authentication to peers.

2009-08-25 Thread Henrik Nordstrom
From what I can tell the difference between the PASSTHRU and PASS is only that PASSTHRU do not add any injected credentials from external_acl, right? Imho there is no need for more than two of these options. PASS -> WWW+Proxy authentication passed along as-is if present. external_ac

Re: NTLM authentication popups, etc

2009-06-16 Thread Robert Collins
count of how many concurrent transactions are going on on that helper). I may be wrong. Regardless, you *must* queue to the same helper though. A trace of 84,9 29,9 may help. > The other two possibilities I can immediately think of: > > * 1 - authentication is aborted somewhere for whatever r

NTLM authentication popups, etc

2009-06-16 Thread Adrian Chadd
's a disconnect between the authentication state of the client -and- the authentication state of ntlm_auth. I'm trying to eliminate the possibilities here. The stateful helper stuff seems correct enough, so requests aren't being queued to already busy stateful helpers. The

Re: configure for authentication helper

2008-09-14 Thread Markus Moeller
Do I understand right that in squid-2 you don't support it ? Markus "Henrik Nordstrom" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] On Sun, 2008-09-14 at 12:00 +0100, Markus Moeller wrote: My squid_kerb_auth helper would benefit from a better Makefile. To do that I created co

Re: SSL authentication.

2008-02-24 Thread Henrik Nordström
Fri 2008-01-25 at 08:42 +0200, Razard wrote: > Question about basic user authentication on proxy. > > If user get http web page first times, the proxy respond to > authenticate them unsecure as default, so what described on login > windows on browser. But if user get http

SSL authentication.

2008-02-24 Thread Razard
Hi! Question about basic user authentication on proxy. If user get http web page first times, the proxy respond to authenticate them unsecure as default, so what described on login windows on browser. But if user get https page, browser creates SSL connection and no warnings about plain text

external_acl_type requests authentication

2008-01-21 Thread ian j hart
http://www.squid-cache.org/mail-archive/squid-users/200801/0364.html Okay, this version might even work. Once I realised i had to reimplement the original patch it was easy. There I go, tempting fate again. http://www.squid-cache.org/bugs/show_bug.cgi?id=1278 Caveats. I don't know all the code

Re: Squid authentication to upstreamISAserverwithNegotiate/Kerberos

2007-07-22 Thread Markus Moeller
Thanks. I have now a patch for STABLE13 which you can get from http://squidkerbauth.cvs.sourceforge.net/*checkout*/squidkerbauth/squid_kerb_proxy_auth/squid-2.6.STABLE13-kerb.patch?revision=1.2 and http://squidkerbauth.cvs.sourceforge.net/*checkout*/squidkerbauth/squid_kerb_proxy_auth/squid_ker

Re: Squid authentication to upstream ISAserverwithNegotiate/Kerberos

2007-07-22 Thread Henrik Nordstrom
On Sun, 2007-07-22 at 14:44 +0100, Markus Moeller wrote: > I think I know why my patch doesn't work for CONNECT sites. The reason is > that request->host does NOT contain the next proxy as it is the case for the > GET method. Is there any other structure/variable which contains the next > proxy

Re: Squid authentication to upstream ISAserverwithNegotiate/Kerberos

2007-07-22 Thread Markus Moeller
I had also a config error why Basic auth didn't work. I can now use Basic auth through the isa server for CONNECT. Markus "Markus Moeller" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >I did some further investigation and it seems the ISA server reacts >differently for CONNECT a

Re: Squid authentication to upstream ISAserverwithNegotiate/Kerberos

2007-07-22 Thread Markus Moeller
I think I know why my patch doesn't work for CONNECT sites. The reason is that request->host does NOT contain the next proxy as it is the case for the GET method. Is there any other structure/variable which contains the next proxy for all methods ? Thanks Markus "Markus Moeller" <[EMAIL PROT

Re: Squid authentication to upstream ISAserverwithNegotiate/Kerberos

2007-07-08 Thread Markus Moeller
I did some further investigation and it seems the ISA server reacts differently for CONNECT and GET. I tried both Basic and Negotiate with the existing squid way of doing it (not waiting for a 407, but immediately send a Proxy Authorization) and in both cases it works fine for HTTP GET and fails

Re: Squid authentication to upstream ISAserverwithNegotiate/Kerberos

2007-07-03 Thread Markus Moeller
Find attached a patch which adds a call to my functions to http.c and a tar file with my routines. To make it work do the following: 1) Patch 2.6.STABLE13 with my patch file and extract my source to squid's src directory. 2) Run configure with CFLAGS="-I/usr/kerberos/include" LDFLAGS="-L/usr/ke

Re: Squid authentication to upstream ISA serverwithNegotiate/Kerberos

2007-07-03 Thread Henrik Nordstrom
On Tue, 2007-07-03 at 21:19 +0100, Markus Moeller wrote: > I am now looking at http.c ( squid 2.6STABLE13) and I think I can add some > code around here: > > } else { > httpHeaderPutStrf(hdr_out, HDR_PROXY_AUTHORIZATION, "Basic %s", > base64_encode(orig_request

Re: Squid authentication to upstream ISA serverwithNegotiate/Kerberos

2007-07-03 Thread Markus Moeller
I have now a test version working (with hardcoded cache_peer hostname). So basically seems to work as Basic auth without looking at the 407 return code. Markus "Markus Moeller" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >I am now looking at http.c ( squid 2.6STABLE13) and I t

Re: Squid authentication to upstream ISA serverwithNegotiate/Kerberos

2007-07-03 Thread Markus Moeller
I am now looking at http.c ( squid 2.6STABLE13) and I think I can add some code around here: } else { httpHeaderPutStrf(hdr_out, HDR_PROXY_AUTHORIZATION, "Basic %s", base64_encode(orig_request->peer_login)); } The only value I need at that point is the

Re: Squid authentication to upstream ISA server withNegotiate/Kerberos

2007-07-02 Thread Henrik Nordstrom
On Sun, 2007-07-01 at 13:31 +0100, Markus Moeller wrote: > How do you to it then with Basic authentication ? I thought that is > implemented or don't you wait either on a 407 ? We don't wait for the 407.. just blindly add the header on the assumption that if it's config

Re: Squid authentication to upstream ISA server withNegotiate/Kerberos

2007-07-01 Thread Markus Moeller
How do you to it then with Basic authentication ? I thought that is implemented or don't you wait either on a 407 ? Thank you Markus "Henrik Nordstrom" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

Re: Squid authentication to upstream ISA server with Negotiate/Kerberos

2007-07-01 Thread Henrik Nordstrom
On Sat, 2007-06-30 at 23:53 +0100, Markus Moeller wrote: > I'd like to implement a way that squid authenticates to an upstream ISA > proxy server. The ISA server will request a Proxy-Authenticate: Negotiate > and I have a routine which can create the Kerberos token for the > Proxy-Authorize: Ne

Squid authentication to upstream ISA server with Negotiate/Kerberos

2007-06-30 Thread Markus Moeller
I'd like to implement a way that squid authenticates to an upstream ISA proxy server. The ISA server will request a Proxy-Authenticate: Negotiate and I have a routine which can create the Kerberos token for the Proxy-Authorize: Negotiate response, but I am not sure where I need to add the code

RE: Squid + ldap +ssl Secure authentication

2007-06-19 Thread Vootla, Bhagwan
enrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Friday, June 15, 2007 3:36 PM To: Vootla, Bhagwan Cc: [EMAIL PROTECTED]; squid-dev@squid-cache.org Subject: RE: Squid + ldap +ssl Secure authentication Fri 2007-06-15 at 12:42 -0400, Vootla, Bhagwan wrote: > Using -Z option still returns me "C

RE: Squid + ldap +ssl Secure authentication

2007-06-15 Thread Henrik Nordstrom
Fri 2007-06-15 at 12:42 -0400, Vootla, Bhagwan wrote: > Using -Z option still returns me "Could not Activate TLS connection" > I also tried with -p 636, which does not return me anything . Somehow I > need to implement this to meet the deadline (tomorrow). -Z is LDAPv3 STARTTLS on the norm

RE: Squid + ldap +ssl Secure authentication

2007-06-15 Thread Vootla, Bhagwan
AIL PROTECTED]; squid-dev@squid-cache.org Subject: Re: Squid + ldap +ssl Secure authentication Thu 2007-06-14 at 07:47 -0400, Vootla, Bhagwan wrote: > 1)I have read that SSL encryption can be achieved from proxy > server to ldap server only. How can I achieve from browser to proxy > s

Re: Squid + ldap +ssl Secure authentication

2007-06-14 Thread Henrik Nordstrom
Thu 2007-06-14 at 07:47 -0400, Vootla, Bhagwan wrote: > 1)I have read that SSL encryption can be achieved from proxy > server to ldap server only. How can I achieve from browser to proxy > server ? Squid has all the support that is needed on the proxy side of things for this, by using the

Squid + ldap +ssl Secure authentication

2007-06-14 Thread Vootla, Bhagwan
Greetings ! I configured Squid+LDAP which works fine, but passwords are sent in plain text format over LAN. I need to send the passwords over SSL. In this regard, I have two questions. 1) I have read that SSL encryption can be achieved from proxy server to ldap server only. How can I achi

Re: Authentication: Time and Monetary contributions

2007-05-11 Thread Henrik Nordstrom
Fri 2007-05-11 at 14:12 -0500, Stefan Adams wrote: > I've been pondering... > > Surely this technique does not work with users in a ThinClient > environment? ThinClients are quickly growing in popularity. How > could this technique be improved to support Linux PCs which merely act > as dumb

Re: Authentication: Time and Monetary contributions

2007-05-11 Thread Stefan Adams
I've been pondering... Surely this technique does not work with users in a ThinClient environment? ThinClients are quickly growing in popularity. How could this technique be improved to support Linux PCs which merely act as dumb terminals that open a Remote Desktop Connection to a single Window

Re: Authentication: Time and Monetary contributions

2007-05-10 Thread Henrik Nordstrom
On Wed 2007-05-09 at 13:43 -0500, Stefan Adams wrote: > On 5/9/07, Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > > Sure. Been on the devel.squid-cache.org since promised.. > > > > http://devel.squid-cache.org/projects.html#ntlm_ip_cache > > Bah! I did end up finding it -- THANKS!! I had used yo

Re: Authentication: Time and Monetary contributions

2007-05-09 Thread Stefan Adams
On 5/9/07, Henrik Nordstrom <[EMAIL PROTECTED]> wrote: Sure. Been on the devel.squid-cache.org since promised.. http://devel.squid-cache.org/projects.html#ntlm_ip_cache Bah! I did end up finding it -- THANKS!! I had used your direct link also provided in the message (http://devel.squid-cache

Re: Authentication: Time and Monetary contributions

2007-05-09 Thread Henrik Nordstrom
On Wed 2007-05-09 at 13:29 -0500, Stefan Adams wrote: > Henrik, thanks for your great response! I have a question below... > > On 4/2/07, Henrik Nordstrom <[EMAIL PROTECTED]> wrote: > > > off frequently. When the cache is expired or empty, authentication > >

Re: Authentication: Time and Monetary contributions

2007-05-09 Thread Henrik Nordstrom
On Wed 2007-05-09 at 13:20 -0500, Stefan Adams wrote: > 1) IP-based timed session. Authentication is actually done via a web > page and not using the browser's built-in authentication schemes. > This provides a lot of flexibility. Once the user enters credentials > into t

Re: Authentication: Time and Monetary contributions

2007-05-09 Thread Stefan Adams
enter squid in with commercial players like Barracuda. There are two ways that authentication works with the Barracuda: 1) IP-based timed session. Authentication is actually done via a web page and not using the browser's built-in authentication schemes. This provides a lot of flexibility. Onc

Re: Authentication: Time and Monetary contributions

2007-04-02 Thread Henrik Nordstrom
On Sat 2007-03-31 at 12:27 -0500, Stefan Adams wrote: > 1) I understand that a browser asks a user for authentication because > the proxy server instructs the browser that it needs credentials. My > idea is to provide a server-side caching option within squid that > would only ask

Re: Authentication: Time and Monetary contributions

2007-04-02 Thread Adrian Chadd
On Sat, Mar 31, 2007, Stefan Adams wrote: > Hello squid developers! > > I have been devoting a lot of time to authentication within the proxy. > However, every solution I provide to my customers is unacceptable. > They simply get prompted too often or something doesn't wo

Authentication: Time and Monetary contributions

2007-04-02 Thread Stefan Adams
Hello squid developers! I have been devoting a lot of time to authentication within the proxy. However, every solution I provide to my customers is unacceptable. They simply get prompted too often or something doesn't work at all. Using NTLM, certain sites, e.g. links to videos on cn

Re: AD (LDAP) authentication helper

2007-03-25 Thread Henrik Nordstrom
On Fri 2007-03-23 at 17:13 -0400, Edmundo Carmona wrote: > If you are interested in the helper, let me know, so I can send it > (once I make it during the next days) for your consideration so it > becomes a part of squid by default. Sure. You are most welcome to submit alternative authe

AD (LDAP) authentication helper

2007-03-25 Thread Edmundo Carmona
Hi! Some months ago I made a helper (with php) that authenticates users against ActiveDirectory using LDAP. I had used ntlm_auth before, but after switching Domain Controllers, I wasn't able to make it work again (because of trust problems), so I decided to skip all the kerberos/samba/winbind/ntl

Re: TCP_DENIED logging as part of HTTP authentication

2006-12-13 Thread Henrik Nordstrom
log codes.. authentication is the most obvious, but there are significant collisions in other aspects as well. We have held back on the log codes in fear of breaking log parsers, but now with the custom log formats we are free to invent again without the same level of fear. To solve this I suggest introducing

Re: TCP_DENIED logging as part of HTTP authentication

2006-12-13 Thread Jeremy Hall
oh I WHOLE_HEARTEDLY agree! the logs are filled with duplicate requests because of this _J >>> Adrian Chadd <[EMAIL PROTECTED]> 12/12/06 11:22 PM >>> Hiya, I've had a few customers ask me why there's "TCP_DENIED"s in the logfiles and I've tried

TCP_DENIED logging as part of HTTP authentication

2006-12-12 Thread Adrian Chadd
Hiya, I've had a few customers ask me why there's "TCP_DENIED"s in the logfiles and I've tried to explain that it's part of the NT authentication process. What would be nice is if we could log a bunch of different TCP_DENIEDs, covering for example: * "no supplied

Re: authentication and origin servers

2006-11-24 Thread Henrik Nordstrom
On Fri 2006-11-24 at 09:12 -0500, Jeremy Hall wrote: > If I have configured authentication for both ntlm and basic so that > legacy browsers that do not support ntlm may use my proxy, how then do I > allow these users to connect to a site that uses basic authentication > for their

authentication and origin servers

2006-11-24 Thread Jeremy Hall
Hello, If I have configured authentication for both ntlm and basic so that legacy browsers that do not support ntlm may use my proxy, how then do I allow these users to connect to a site that uses basic authentication for their own purposes? For example I can't log into cisco.com unl
