[squid-users] Captive Portal authentication in Intercept mode
James Harper
james at ejbdigital.com.au
Fri Mar 13 09:10:55 UTC 2015
> Hey,
>
> I have written a basic idea with a php "login portal" that can be seen at:
> http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/
> http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/Conf
> http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/PhpLoginExample
> http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper/Python
> http://wiki.squid-
> cache.org/EliezerCroitoru/SessionHelper/SplashPageTemplate
>
> The idea is an IP session based login.
> The user actively needs to login and it will login the user IP address.
> The helper(s) logic is based on time since the last user login.
> This idea can be used as a sketch for a more advanced options with a portal.
>
> There are other better ways to implement this idea and one of them is
> using a radius server.
>
> As you noticed there is no way to directly authenticate a proxy in
> intercept mode.
> Maybe someone out-there have been thinking about a way to do such a
> thing but it is yet to be possible with squid.
>
If you could do ntlm auth at your portal page then the user might never even notice that authentication took place...
You'd need to do some sort of browser detection though - browsers could handle such authentication, but programs phoning home or otherwise using web services would hate it.
James
More information about the squid-users
mailing list