Please forgive the waffle.
We have an authenticated Squid proxy passing through to ATHENS Authentication. http://www.athens.ac.uk. This works superbly well, and is basically so our off campus users can use IP restricted resources.
Details of exactly what we are doing are available at http://libweb.apu.ac.uk/authen/proxy.htm (you should get the picture) It's a fairly basic Username / Password Authentication setup fired by a .pac file the users setup in their browser.
As with all things they move on. Maintaining a 12,000 user name space requires a fair bit of admin. Maintaining 2 is just a waste of time, and is exactly what we are doing at the moment. Add in "Students" to the mix and you see the problem.
Solution: Junk the ATHENS auth in favour of a Devolved authentication
method. Use a Local name space (In this case our Library Login using Aleph 500) with Devolved ATHENS via a session cookie based system and we have an interesting mix. This is where we are going for all our ATHENS authenticated resources.
What I need to know is:
1) Could this session cookie based auth possibly work with squid. I'm 100% open to suggestions.
2) I'd also like to avoid the User Config of the .pac file URL - maybe auto send it as required - can this be done ?
3) Could a small java app push everything through the proxy after they are authenticated and identified as being off campus? Maybe sent from the squid server, maybe a.n.other web server. This could also help eliminate a further set of issues relating to Citrix ICA stuff.
4) Am I totally barmy for even attempting this in the first place ?
Your help is very much appreciated. -- Alex Collins. Library Systems and Support Officer. Rivermead Library. Tel:01245 493131 X3722 Fax: X3145 [EMAIL PROTECTED] http://libweb.apu.ac.uk This message has been ROT-13 Encrypted twice for Extra Security !
