[squid-users] Authentication\Authorization using a PAC file?

Eliezer Croitoru eliezer at ngtech.co.il
Tue Nov 25 18:33:16 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/24/2014 10:06 PM, Jason Haar wrote:
> I think you are confusing proxy authentication with WPAD/PAC files.
> WPAD knows nothing about proxy authentication: browsers do
> 
> ie you use WPAD to tell browsers where/if they need to use a proxy
> and under what circumstances, and when they then attempt to do so,
> the BROWSER will have to respond to authentication issues
> surrounding authentication proxies.

Thanks Jason for the referrals.
WPAD purpose is solid but there is an option to create a WPAD/PAC file
on the fly and on the background authorize the client user name with a
specific ip.
Some restrictions can be applied on the use of a specific user to be
used only with one IP at a time which is similar to some AD features.

WPAD can be used with authorization and it should be like any other
http\s resource and the user + password can be written inside the url
similar to ftp URL.
Windows specifically has a daemon\script\service that does the
WPAD\PAC file and there for all the limitations are to this service only.
In any other system these limitations might be the same but I didn't
tested any of these yet.

I might add this to my TODO list.

Thanks,
Eliezer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUdMtsAAoJENxnfXtQ8ZQUgsIIAIl5CUYcvYWIY4rNhG8ZTBWe
4oB08L0yHWPt7lbN/PEksxp+8dsJo5ZD0VTXMHD7CwRh+sIy8Nb01HaW+Rpb8hDD
CzFJjAnscEw99kJr+0Yv9WZ+Ba+O6JfbmzFdozV6fHrnD4fd4L8Kni3EXCUcL1KS
iUHepiOkLq/Bf4MmSo9Eo49Ao7cRNAKEAC5t8I6wkLOCWo/ijxmBZimpnRwNMba9
z6KUUcRp1biwSyFfaUPqGCRtwaWxQPLmgkZI1ABJvO+mWyiMX1Droq8+Zz8iioJs
mRBrydNnBIqBf+LjADkYJsNnQeLSJ2hsHJe2O0USM1+l3JhNzE7R/o3Y5HnVC3E=
=HwV7
-----END PGP SIGNATURE-----


More information about the squid-users mailing list