cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cosign and Squid?
> squid has an authentication extension architecture, so it might be
> possible to add the equivalent of mod_cosign to squid. Can you say
> more about what you're trying to do?
Pretty much the same as the forwarded message you have below.
* User sets up their browser to use the squid proxy
* User requests a page (cnn.com)
* Squid's mod_cosign authenticator validates cookies or causes
redirects to weblogin sign on, etc, just like normal websites.
> Somewhat related, we received a patch from OpenSourcery that they did
> for Reed College. It changes mod_cosign so that apache2 can be used
> as a cosign-protected proxy. While we haven't yet tested it, it
> seems pretty reasonable. See below.
If they were able to get it to work with Apache2, that would seem to
indicate that the browser functionality is there. That was my biggest
I haven't investigated squid's authentication system yet -- it could be
as basic as OK/ERR, in which case it would require patching to support
sending the redirects. If anyone's looked into this, let me know. Else
I'll try to take a look at it next week.
Brian Hatch This is the Postfix program at Rinat.
Systems and The message returned below could not
Security Engineer be delivered because Edwin will no
http://www.ifokr.org/bri/ longer answer requests from Brian
when he should be home.
Every message PGP signed
Description: Digital signature