[squid-users] can squid handle indirect request from clients ?
Eliezer Croitoru
eliezer at ngtech.co.il
Tue Feb 17 22:25:36 UTC 2015
Hey,
There are couple ways to look at authentication and some would sometimes
trade authorization to authentication and vise versa.
In some environments there is a mix of both terms which is required to
build a logical service unit.
I do not have all my archives but I remember that someone have asked
about some single sign on system which grants access using a login page
to many in campus systems.
It was based on a very complex system which I do not remember right now.
There are options to run some process triggered by a radius server login
or any other system that would be considered the authorization authority
to mark a specific IP as ALLOWED or under some group.
I know that there are many network systems which uses a network level
authorization and it is very useful.
The main difference between directly authenticating to squid vs 3rd
party authentication is the way and level of authentication.
For example a radius server with an enterprise level switch and\or wifi
access point can provide authentication encryption layer which squid
direct authentication cannot provide and no matter what you will do.
Of course that in many cases it will require absolute reliability and
should not allow mistakes.
One rule of thumb in the raidus lands network authentication security
level is:
Every authenticated user can be only identified with one IP at a time.
So yes squid doesn't support a direct proxy authentication level in
intercept and tproxy modes BUT using some external_acl helpers it's
pretty simple to connect squid and an external authentication system.
Here the answer turns the tables and makes it possible to authenticate
even in intercept and tproxy mode but not at the same way many might
think of.
All The Bests,
Eliezer
On 18/02/2015 04:04, snakeeyes wrote:
> Thanks eleizer , but does it support other types like radius authentication ?
>
> I mean all types of authentications are forbidden in intercept mode ?
More information about the squid-users
mailing list