[KLUG Members] Web Proxy/Filter/Auth

[Adam Williams]

> >> I'm looking for a good web proxy cache with filtering and logging that
> >> reports who went where.
> > Squid.  It is even included with most distros.
> I'm testing squid and Dan's guardian now.
> Squid is slower that BMGR on the initial page load.

That is really hard to believe.  Do you have /var/cache/squid (or
wherever your cache is rooted) in it's own filesystem?  And you *need*
to set that filesystem as "noatime".  Ideally make that filesystem as
either a reiserfs or XFS with external journal.  Then it will probably
toast BMGR to a golden brown.

> >> I've looked at Dan's guardian and am quite impressed with it. However
> >> it doesn't let me configure it on a per user basis also logs are just
> >> ip address no user names. We use DHCP here so IPs are meaningless.
> > Squid can authenticate relative groups in LDAP, logs can contains
> > whatever you want.
> Will it do this in the backgroud? I don't want users to have to login again.

I don't know, I haven't worked with Novell networks in that regard. 
Does NTLM work with M$ browesers then using the Novell GINA?  Certainly
is an interesting question.  Squid can also user Kerberos, but I don't
think Novell uses that (yet).

> >> One feature I like about BorderManager is a thing called Client Trust.
> >> It's a small program I run in the login script so users don't have to
> >> auth to the proxy. It get the info from eDir and passes it to the
> >> proxy.
> > Squid has an NTLM module, so if the Win32 workstation is logged into the
> > domain, no prompting.
> I don't use a domain. Who would want one of those?!

Those of us without NDS!  With a Samba PDC it actually works.

> >> All my workstations are Windows 98/2k/XP.
> >> Basically, I want to duplicate the finctionality I currently enjoy.
> >> Any pointers would be appreciated.
> > http://www.squidcache.org