Squid Authentication & streaming

Posted by Steve Butler on Server Fault See other posts from Server Fault or by Steve Butler
Published on 2011-11-23T16:27:07Z Indexed on 2011/11/23 17:54 UTC
Read the original article Hit count: 483

I've got squid setup using Kerberos authentication. I'm also using squidguard as an URL redirector to block out the usual nastiness of the web. There are some sites though that we allow certain users to, and others not. This all works well, assuming I'm not using any streaming.

From what i can determine from the squid logs and the wireshark traces I've done, when the initial request to stream is sent, everything is good, the authenticated username is sent with the request to squidguard. The problem is that on subsequent traffic the username is not sent to squidguard, causing it to be blocked based on default policy.

I've tried using the squid built-in allow/deny stuff, but its relatively clunky, and so far squidguard has been pretty easy and fast.

Here comes the question(s):

  • How do i get Squid to pass username on all requests? (something tells me this isn't the best way)
  • How do i get squidguard to see traffic is authenticated to a specific user even when a username isn't passed?
  • Is there any other way of accomplishing this?

A few details that may be of importance:

  • I'm using a list of users stored in a text file for squidguard to compare against.
  • I'm using full kerberos auth with Squid.
  • CentOS 6.0
  • Squid 3.1.4
  • Squidguard 1.3

© Server Fault or respective owner

Related posts about linux

Related posts about authentication