> > I think educating users (yes, there are 2 different passwords) would be
> > most effective.
On 23.02 10:01, Steve Brown wrote:
> Believe me, I wish I could. But these are sales people, and as I
> said, some of them aren't very bright.
I do. but i think you understand that educating isthe bes
> I think educating users (yes, there are 2 different passwords) would be most
> effective.
Believe me, I wish I could. But these are sales people, and as I
said, some of them aren't very bright.
> 1. give users the same password for mail and proxy and probably fetch them
> from the same source
tis 2006-02-21 klockan 10:51 -0600 skrev Steve Brown:
> Yes there is a user/pass. Everyone is saying that the broswer
> shouldn't indiscriminately provide crednetials, which I agree with.
> However, in the setup I am proposing, the browser isn't submitting
> credentials. The traffic is intercep
On 21.02 10:51, Steve Brown wrote:
> > How is there "authentication" without credentials? I have misunderstood
> > your setup. What are you referring to when you say "authentication" because
> > the knee-jerk reaction is to assume a username and password is
> > authenticating...
>
> Yes there is
On Wed, 2006-02-22 at 11:39 -0600, Steve Brown wrote:
> > It seems that I misunderstood what you meant. Do you want the PROXY to
> > authenticate against its parent? Independently from who is the user it
> > acts in behalf of?
>
> Yes, that's the idea. All users are restricted to the same ACL, so
> It seems that I misunderstood what you meant. Do you want the PROXY to
> authenticate against its parent? Independently from who is the user it
> acts in behalf of?
Yes, that's the idea. All users are restricted to the same ACL, so I
see no reason to try to auth w/ differnt users, except maybe
On Tue, 2006-02-21 at 10:03 -0600, Steve Brown wrote:
[...]
> In the specific scenario I mentioned, the browser isn't submitting any
> credentials. The traffic is being intercepted and routed through a
> local proxy which in turns forwards requests to a remote proxy w/
> authentication. It seems
> In other words, you don't need to differentiate access
> per site/computer/user.
That's correct.
> Do these connections involve static IPs? src based
> ACLs would work nicely in that case.
If they had static IPs, I would have figured this out before I posted
to the list. ;-)
> The approach y
> -Original Message-
> From: Steve Brown [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 21, 2006 2:20 PM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Solutions for transparent + proxy_auth?
>
>
> > So the plan is to run a Squid
> So the plan is to run a Squid server (service?) on every
> computer that is going to access the internet?
That's the idea we're throwing around, yes.
> While that should certainly work, I wouldn't want to be
> the one responsible for the maintenance thereof.
> Every computer's squid.conf is goi
> -Original Message-
> From: Steve Brown [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 21, 2006 7:51 AM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] Solutions for transparent + proxy_auth?
>
>
> > How is there "authenticati
> How is there "authentication" without credentials? I have misunderstood
> your setup. What are you referring to when you say "authentication" because
> the knee-jerk reaction is to assume a username and password is
> authenticating...
Yes there is a user/pass. Everyone is saying that the bros
OK, I talked to the boss about this and he doesn't like my
explanations. I need to better understand the reasons why not.
> You wouldn't stand for your browser to submit
> credentials to any old server that asks for it, ESPECIALLY when you, the
> user, are not expecting it to hand out any informa
On Mon, 2006-02-20 at 21:28 -0600, Steve Brown wrote:
> > http://squidwiki.kinkie.it/SquidFaq/InterceptionProxy
>
> I'm confused by this link. You tell me to "drop it" and point me to a
> page that has two paragraphs about why it *shouldn't* be done, then
> spends the next three pages describing
> Drop it :
Oh boy, I can already tell this will be fun...
Unfortunately, I can't drop it. I've been told to investigate this by
my boss because we have a coporate liability due to these boxes having
unrestricted net access. If it can't be done, that's fine, but I need
some technical details as
> I've got a bunch of machines at various locations on various ISPs for
> which I need to filter web sites. I've set up Squid w/ authentication
> as a proxy for these machines and put ACLs in place that allow me to
> whitelist certain sites.
>
> The problem I am having is that the users of these m
I've got a bunch of machines at various locations on various ISPs for
which I need to filter web sites. I've set up Squid w/ authentication
as a proxy for these machines and put ACLs in place that allow me to
whitelist certain sites.
The problem I am having is that the users of these machines are
17 matches
Mail list logo
