| phantox 2004-11-30, 5:46 pm |
| This is the situation we have at our site.
We have a wireless network; we're using 128-bit WEP and have MAC address
filtering on.
We have a firewall in place that allows traffic on the wireless
network to only hit a Linux box running SSH, which also has Squid on
it.
We wrote a small app for Windows that the wireless users type their user ID
and password into. It passes these on to plink (a command-line SSH client
from the makers of PuTTY) and creates a connection out to the SSH
server with local port forwarding. This app also sets the proxy info
in Windows to localhost with the correct port.
Now this is where the problem comes in: without proxy auth on, we
don't get any info in the access logs on who is accessing websites. If
we turn proxy auth on using PAM, then they have to type in their user
ID and password each time they open up IE.
Is it possible to either:
A. Pull the authentication information from their current SSH session
to automatically authenticate to Squid?
B. Is there another method that doesn't do full authentication but
prompts for the user ID and that's it? If so, can we pull this
information from the already established SSH session?
We can write our own authentication helpers if necessary.
Yes, I'm aware that using a VPN solution with NTLM authentication would
be the easiest solution and most secure; however, we cannot implement
this due to other things running in the wireless LAN users need access
to.
I greatly appreciate your time on this problem.
|
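One way to approach option A, as an added example that is not part of the original post: a Squid external ACL helper that maps the source port of each forwarded loopback connection to the Unix account owning that socket, so access.log can record a user without a second prompt. Assumptions: Squid listens on 127.0.0.1:3128, sshd opens the forwarded socket under the logged-in user's uid, the Squid build supports `%SRC %SRCPORT` in `external_acl_type`, and the helper path and ACL name shown in the comment are hypothetical.

```python
#!/usr/bin/env python3
# Hypothetical squid.conf wiring (names and path are assumptions):
#   external_acl_type sshuser %SRC %SRCPORT /usr/local/bin/ssh_owner.py
#   acl tunnelled external sshuser
#   http_access allow tunnelled
import pwd
import sys

LOOPBACK = "0100007F"  # 127.0.0.1 as /proc/net/tcp prints it (little-endian hex)
ESTABLISHED = "01"     # TCP state code used in /proc/net/tcp

# Constructed sample of /proc/net/tcp: the Squid listener, one forwarded
# connection (sshd side owned by uid 1004) and Squid's end of the same connection.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0C38 00000000:0000 0A 00000000:00000000 00:00000000 00000000    31        0 1001
   1: 0100007F:C350 0100007F:0C38 01 00000000:00000000 00:00000000 00000000  1004        0 1002
   2: 0100007F:0C38 0100007F:C350 01 00000000:00000000 00:00000000 00000000    31        0 1003
"""

def owner_uid(table, src_port, proxy_port=3128):
    """Return the uid owning the client end of 127.0.0.1:src_port -> proxy."""
    want_local = "%s:%04X" % (LOOPBACK, src_port)
    want_remote = "%s:%04X" % (LOOPBACK, proxy_port)
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 8:
            continue
        # Match only the sshd-side socket, never Squid's own end of the pair.
        if f[1] == want_local and f[2] == want_remote and f[3] == ESTABLISHED:
            return int(f[7])                     # uid column
    return None

def answer(request, table):
    """Turn one helper request line ("<src ip> <src port>") into a Squid reply."""
    try:
        src, port = request.split()[:2]
        # Only loopback clients can be resolved against the local socket table.
        uid = owner_uid(table, int(port)) if src == "127.0.0.1" else None
        return "ERR" if uid is None else "OK user=%s" % pwd.getpwuid(uid).pw_name
    except (ValueError, KeyError):               # malformed line or unknown uid
        return "ERR"

if __name__ == "__main__":
    for line in sys.stdin:                       # one request per line from Squid
        with open("/proc/net/tcp") as fh:
            print(answer(line, fh.read()), flush=True)
```

The helper fails closed: anything that is not a loopback connection with a resolvable owner gets `ERR`, so requests that bypass the SSH tunnel are never attributed to a user.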