James Harper wrote: > > No, adding Basic is not an option because I will have to provide > > special "proxy passwords" to the users, or make them enter their > > Windows passwords by hand. This is highly undesirable. Once they > > logon into Windows, they must have (or not have) Web access > > transparently. > > > > If you know how to achieve SSO with Basic auth, please share. > > > > I have a few idea's for out-of-band SSO, some of which I have experimented > with...
[dd] > > 3. some bastardisation of identd. I've posted before about this. > Identd assumes that the destination server is asking "who owns this > connection" and so only gives port numbers because the IP is assumed > from the ident connection (I have patched squid to fake the source > address of the destination server so it works in transparent mode). > Ident also has some serious security shortcomings, but they wouldn't > be hard to solve. This new ident protocol would need: I even know/use a couple of identd services for Windows, http://sourceforge.net/projects/retinascan/ is a good one. The sad irony is that ident lookups are also broken in squid34 (the ident code leaks memory). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
