On Thu, 8 Jan 2004, Craig Sharp wrote:

> Hi,
>
> I am using LDAP to authenticate to Novell E-Dir with Squid for
> Internet access. It is working perfectly, however our management
> and users do not like the fact that when the browser is closed down
> and reopened, they have to authenticate again. They are whining
> because they do not want to have to type in their name when they
> open the browser several times a day.
>
> I need a way to store the authentication so that they will remain
> authenticated and not be challenged by the Squid server when they
> open a new browser for a period of 4 hours. Yes I know that this
> is defeating the purpose of security and authentication, but this
> is my direction.


So you know that the browser sends some authentication credentials
with each request. When a user exits the browser and starts it up
again, it doesn't know that it should send the credentials, until
it gets the "authentication required" response from Squid.

Perhaps you could use the external ACL feature to make this work.
You (or someone) would need to write an external ACL that remembers
which IP addresses have already been authenticated and then continue
allowing requests from them for 4 hours (or whatever) without the
proxy authentication.

Duane W.