|
cosign-discuss at umich.edu |
| general discussion of cosign development and deployment | |
Has anyone implemented a cosign-protected squid proxy? I'd like to require authentication on my squid box(es), and could do that via ldap (which means I'd want the squid proxy available only via ssl, which seems like significant overhead. Don't know if cosign-enabling squid would work, but it'd be an interesting thing. You'd need to modify the error message to have a link to the weblogin page. And, now that I think of it, I don't know that you'd be able to have it follow the redirect to authenticate the cookie, since in order to follow the redirect your proxy needs to be functioning, and in order for your proxy to function you need to have the cookie authenticated.... Squid probably has the capability to allow the weblogin server to require no authentication, so that could be worked around. Anyone started down this road? -- Brian Hatch R: I'm winning! Systems and B: What's winning? Security Engineer R: Meeee!!! http://www.ifokr.org/bri/ Every message PGP signed
Attachment:
signature.asc
Description: Digital signature