[isalist] Re: Passing credentials
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 5 Apr 2007 06:57:36 -0700
http://www.ISAserver.org
-------------------------------------------------------
Q1 - what is this device?
Q2 - why is it user-specific?
Q3 - can it be operated as part of ISA?
As I said; ISA can delegate credentials upstream, but *only* if Basic
auth is used.
This means you *must* configure the ISA web proxy for Basic auth to
protected networks and configure the upstream web chaining rule to use
Basic delegation.
Otherwise, the upstream proxy (if indeed it is one) must prompt for
authentication using whatever methods it supports.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Ross
Sent: Thursday, April 05, 2007 5:52 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials
http://www.ISAserver.org
-------------------------------------------------------
The content filter, which is past the ISA box, relies on your group
membership to apply specific filters.
Right now all authentication is passed thru as "-", so it doesn't know
who you are, and cant apply the proper filter.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, April 04, 2007 6:25 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials
http://www.ISAserver.org
-------------------------------------------------------
Yeh - that's the problem description; not an answer to the question of
"why".
The question on the table is "why do you need authentication at both
proxies?"
If the upstream proxy limits access to only the downstream proxy and the
downstream proxy limits access only to authenticated users, what benefit
is gained by authenticating twice?
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Ross
Sent: Wednesday, April 04, 2007 1:52 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials
http://www.ISAserver.org
-------------------------------------------------------
Our ISA box is not sending the proper credentials to the content filter
server that is upstream, and separate from the ISA box.
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Wednesday, April 04, 2007 1:22 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Passing credentials
http://www.ISAserver.org
-------------------------------------------------------
It's called "delegation" and that only works using Basic auth.
Why do you need authentication at both proxies?
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Ross
Sent: Wednesday, April 04, 2007 10:26 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Passing credentials
http://www.ISAserver.org
-------------------------------------------------------
Is there a way to have ISA pass your credentials along to another proxy
type server?
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
