I have identd running on all clients. Squid doesn't appear to be caching ident 
lookups... maybe I'm missing something in my config for this?

If Squid could pass the ident username somehow to DG with cache_peer then DG wouldn't 
need to do any ident requests (this works if you're using basic auth). I'm more 
worried about Squid's ident requests failing and users having to type in their 
username/password in order to authenticate.

Ident could be taken out of the picture entirely if I had a client of some type on the 
Windows workstations that would handle the basic auth requests from Squid 
automagically. Novell makes an SSO client for this sort of thing but it's too expen$ive.

- David

>>> "Chris Wilcox" <[EMAIL PROTECTED]> 2/5/2004 10:28:57 AM >>>

I thought Squid did cache ident lookups?

Do I presume that you aren't able to run identd on all clients?  DG can 
already handle ident lookups as you know, and the latest 2.7.x code handles 
multiple filter levels.  With multiple filter levels in place, if an ident 
lookup cannot be found then DG will run that request through 'filter1' which 
is the default filter level.  You could in theory set filter1 to be very 
restrictive and filter2 to meet the company requirements.  If an ident 
response is available then DG will filter as per company req: if it isn't 
(eg the user has disabled it) then they'd be restrictively filtered.

The main problem with DG is that it currently does not cache ident lookups.  
This means that for a single webpage of 10 images and some text etc, DG will 
do an ident lookup for EVERY request on that page.  In itself this is almost 
worth considering using ldap authentication exclusively, though I have no 
idea about how much bandwidth/network overhead is required for each ident 
lookup/response pair: my guess is that it's actually pretty small.  Maybe 
someone on here can quantify this guess?

Regards,

nry
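
An added sketch of the ident caching discussed in this thread, not written by either poster and not Squid or DansGuardian code: it builds and parses RFC 1413 ident lines, caches the answer per client IP, and counts how many lookups one page of 11 requests costs with and without the cache. The class and function names, the addresses, port 8080, the 60-second TTL and the fake identd are all constructed for illustration, and caching by IP assumes one logged-in user per workstation.

```python
import re
import time

# RFC 1413 reply: "<ports> : USERID : <opsys> : <user>" or "<ports> : ERROR : <type>"
_REPLY = re.compile(rb"^\s*\d+\s*,\s*\d+\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")

def build_query(workstation_port, proxy_port):
    """Line sent to TCP/113 on the workstation: its own port first, then the proxy's."""
    return f"{workstation_port},{proxy_port}\r\n".encode("ascii")

def parse_reply(line):
    """Return the user name from a USERID reply, or None for ERROR or malformed input."""
    m = _REPLY.match(line.rstrip(b"\r\n"))
    if not m or m.group(1) != b"USERID":
        return None
    _opsys, sep, user = m.group(2).partition(b":")
    user = user.strip()  # surrounding whitespace trimmed here for simplicity
    return user.decode("latin-1") if sep and user else None

class IdentCache:
    """Per-client-IP cache with a TTL (assumption: one user per workstation)."""
    def __init__(self, resolver, ttl=60.0, clock=time.monotonic):
        self.resolver, self.ttl, self.clock = resolver, ttl, clock
        self.entries, self.lookups = {}, 0

    def user_for(self, client_ip, workstation_port, proxy_port):
        hit = self.entries.get(client_ip)
        if hit and hit[1] > self.clock():
            return hit[0]
        self.lookups += 1
        query = build_query(workstation_port, proxy_port)
        user = parse_reply(self.resolver(client_ip, query))
        if user is not None:  # failures are not cached, so the next request retries
            self.entries[client_ip] = (user, self.clock() + self.ttl)
        return user

def fake_identd(client_ip, query):
    """Constructed stand-in for a workstation's identd; no network traffic."""
    ports = query.strip().decode("ascii")
    if client_ip == "192.0.2.10":
        return f"{ports} : USERID : OTHER : david\r\n".encode("ascii")
    return f"{ports} : ERROR : NO-USER\r\n".encode("ascii")

def filter_group(user, assigned):
    """Unidentified or unlisted users fall to filter1, the default group."""
    return assigned.get(user, 1)

def simulate_page(cache, client_ip, requests=11):
    """One page = 10 images plus the HTML; returns the set of users seen."""
    return {cache.user_for(client_ip, 49152 + i, 8080) for i in range(requests)}
```

With the cache, the page costs one lookup; with `ttl=0` (no caching) it costs eleven, and a workstation that answers with an error is looked up on every request and lands in filter group 1.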
