O'Reilly Network: Authentication and Squid

"HTTP authentication uses the same basic protocols for HTTP web servers and HTTP proxy servers. These protocols have two authentication modes: basic and digest mode. In basic mode, the client passes the user name and the password to the server as a single base64-encoded block. In digest mode, the server encodes the password with a different key in a unidirectional function and the client decodes the function using the password, then returns the key. This proves that the client knows the password, without actually transmitting the password at any point.

To the server (web or proxy), HTTP authentication is stateless. To most clients, it is not -- within a given session, most clients retain user name/password pairs for host names and paths (more accurately, for HTTP realms) that have previously requested authentication.

If the client already has a user name/password pair for a URL, it sends them the page request. If the client does not send the authentication data with a request for a page that requires authentication, the server sends an authentication challenge before sending the page. The client receives the challenge and asks the user for the user name/password pair to send."

Complete Story

Related Stories:

• O'Reilly Network: Using Squid on Intermittent Connections(Aug 05, 2001)
• Linux Journal: Deploying the Squid proxy server on Linux(Feb 17, 2001)
• LinuxWorld: Ask the Geek: Configuring a quick-and-dirty router and proxy(Feb 16, 2001)
• FreeOS.com: Setting up Squid as your caching HTTP/FTP proxy(Oct 24, 2000)
• O'Reilly Network: Deploying Squid, (Part 2 of 2)(Mar 11, 2000)
• LinuxPlanet: Do-It-Yourself Caching: Squid 2.3 - Why Caching is Essential(Mar 01, 2000)