[KLUG Members] Web Proxy/Filter/Auth
Adam Williams
members@kalamazoolinux.org
Thu, 02 Oct 2003 21:10:29 -0400
> >> I'm looking for a good web proxy cache with filtering and logging that
> >> reports who went where.
> > Squid. It is even included with most distros.
> I'm testing squid and Dan's guardian now.
> Squid is slower that BMGR on the initial page load.
That is really hard to believe. Do you have /var/cache/squid (or
wherever your cache is rooted) in it's own filesystem? And you *need*
to set that filesystem as "noatime". Ideally make that filesystem as
either a reiserfs or XFS with external journal. Then it will probably
toast BMGR to a golden brown.
> >> I've looked at Dan's guardian and am quite impressed with it. However
> >> it doesn't let me configure it on a per user basis also logs are just
> >> ip address no user names. We use DHCP here so IPs are meaningless.
> > Squid can authenticate relative groups in LDAP, logs can contains
> > whatever you want.
> Will it do this in the backgroud? I don't want users to have to login again.
I don't know, I haven't worked with Novell networks in that regard.
Does NTLM work with M$ browesers then using the Novell GINA? Certainly
is an interesting question. Squid can also user Kerberos, but I don't
think Novell uses that (yet).
> >> One feature I like about BorderManager is a thing called Client Trust.
> >> It's a small program I run in the login script so users don't have to
> >> auth to the proxy. It get the info from eDir and passes it to the
> >> proxy.
> > Squid has an NTLM module, so if the Win32 workstation is logged into the
> > domain, no prompting.
> I don't use a domain. Who would want one of those?!
Those of us without NDS! With a Samba PDC it actually works.
> >> All my workstations are Windows 98/2k/XP.
> >> Basically, I want to duplicate the finctionality I currently enjoy.
> >> Any pointers would be appreciated.
> > http://www.squidcache.org