Looking for a tool (Diese Mail wurde auf Viren gepr?ft.)
Hi folks, Problem: In our company we have a pool of online resources which are protected via basic http-auth, some of them use https. Our employees should be able to use these urls without knowing the credentials. Our internet gateway is running SuSE 8.0. My idea is to install or script something on this box which is called with the desired link and then does the authentication transparently to the user. Does anyone know about some kind of software to handle this? -- Denis Hoffmann IT OBG Bau GmbH & Co.KG Illinger Straße 150 66564 Ottweiler Tel.: 06824 3000 351 Fax: 06824 3000 500 http://www.obg-bau.de/
Problem: In our company we have a pool of online resources which are protected via basic http-auth, some of them use https. Our employees should be able to use these urls without knowing the credentials. How do you know, that it is one of your employies? The only method I can
On May 2, dhoffmann@obg-bau.de <dhoffmann@obg-bau.de> wrote: think about is some IP range, that is allowed. If you are using apache, put into your .htaccess: --snip-- order deny,allow deny from all allow from 192.168.0 AuthType Basic AuthName "Protected area" AuthUserFile /web/pass/htpasswd satisfy any --snip-- hth, Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \ http://fou4s.gaugusch.at/ - Fast OnlineUpdate for SuSE
Hi Markus, it seems you got me wrong. We have a LAN with about 70 workstations. The users should be able to browse certain restricted sites outside of the lan without knowing the credentials (username/password) of these sites. So what i need is some kind of proxy on the gateway which holds the authentication information for these sites. The gateway is only accessible from inside the LAN. Markus Gaugusch <markus@gaugusch.at> wrote on 02.05.2003 12:28:04:
Problem: In our company we have a pool of online resources which are protected via basic http-auth, some of them use https. Our employees should be able to use these urls without knowing the credentials. How do you know, that it is one of your employies? The only method I can
On May 2, dhoffmann@obg-bau.de <dhoffmann@obg-bau.de> wrote: think about is some IP range, that is allowed. If you are using apache, put into your .htaccess: --snip-- order deny,allow deny from all allow from 192.168.0
AuthType Basic AuthName "Protected area" AuthUserFile /web/pass/htpasswd
satisfy any --snip--
-- Denis Hoffmann IT OBG Bau GmbH & Co.KG Illinger Straße 150 66564 Ottweiler Tel.: 06824 3000 351 Fax: 06824 3000 500 http://www.obg-bau.de/
*** Reply to message from dhoffmann@obg-bau.de on Fri, 2 May 2003 14:55:16 +0200*** Denis, I am wondering if I understand what your question means.
The users should be able to browse certain restricted sites outside of the lan without knowing the credentials (username/password) of these sites.
Are you saying that there is , perhaps , someone in the company who has signed up for these sites , and you would prefer that your users not know the login and password details so they can't , for instance, login from their box at home? Also, I suppose if my earlier supposition is correct, you actually have a username and password to login onto this restricted site so you can't just give permission at your end saying anyone trying to connect from 192. etc. where you specify the range, as someone else mentioned should be passed on to the website? I suppose , not knowing the nature of the website you are talking about that just caching the pages at the start of each shift wouldn't work , huh? -- j Afterthought : 29A, the hexadecimal of the Beast.
Hi J, <jfweber@bellsouth.net> wrote on 01.05.2003 14:47:48:
*** Reply to message from dhoffmann@obg-bau.de on Fri, 2 May 2003 14:55:16 +0200*** Denis, I am wondering if I understand what your question means.
The users should be able to browse certain restricted sites outside of the lan without knowing the credentials (username/password) of these sites.
Are you saying that there is , perhaps , someone in the company who has signed up for these sites , and you would prefer that your users not know the login and password details so they can't , for instance, login from their box at home?
yes. the administration staff has the credentials, the users shouldn't.
Also, I suppose if my earlier supposition is correct, you actually have a username and password to login onto this restricted site so you can't just give permission at your end saying anyone trying to connect from 192. etc. where you specify the range, as someone else mentioned should be passed on to the website?
also correct. the sites are all external ones, which we have no further access to but the protected web areas.
I suppose , not knowing the nature of the website you are talking about that just caching the pages at the start of each shift wouldn't work , huh?
unfortunatly, this will not work, cause most of the mentioned sites deliver dynamically generated content. i really don't know if there's such a tool at all, but i don't think it's a unusual demand. i imagine some kind of proxy, which has the ability to transparently authenticate to some certain sites, so the user doesn't notice that it's protected. the background is, as you supposed, we don't want the "normal" user to know the credentials for these sites. -- Denis Hoffmann IT OBG Bau GmbH & Co.KG Illinger Straße 150 66564 Ottweiler Tel.: 06824 3000 351 Fax: 06824 3000 500 http://www.obg-bau.de/
On Fri, 2 May 2003 dhoffmann@obg-bau.de wrote:
Hi Markus,
it seems you got me wrong.
We have a LAN with about 70 workstations. The users should be able to browse certain restricted sites outside of the lan without knowing the credentials (username/password) of these sites.
So what i need is some kind of proxy on the gateway which holds the authentication information for these sites. The gateway is only accessible from inside the LAN.
if browse means web-browser, use squid for example ? -- BINGO: assertively disseminate unique opportunities --- Engelbert Gruber -------+ SSG Fintl,Gruber,Lassnig / A6170 Zirl Innweg 5b / Tel. ++43-5238-93535 ---+
participants (4)
-
dhoffmann@obg-bau.de -
engelbert.gruber@ssg.co.at -
jfweber@bellsouth.net -
Markus Gaugusch