Great Circle Associates Firewalls
(July 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Proxy Authentication in Netscape Proxy Server
From: Jean-Christophe Touvet <jct @ edelweb . fr>
Date: Fri, 28 Jul 1995 19:11:41 +0200
To: Patrick Yeung <pwtyeung @ ha . org . hk>
Cc: firewalls @ greatcircle . com
In-reply-to: <Pine . 3 . 89 . 9507261544 . A29300-0100000 @ ha . org . hk> 
> I have heard that the Netscape Proxy Server provides Proxy Authentication
> using Code 407.  Is there anybody knows how it works?

 Much like simple WWW authentication. If the proxy returns, instead of a
document:

	HTTP/1.0 407 Unauthorized
	Proxy-Authenticate: Basic realm="foo"

 then a popup is displayed, asking for username/passwd. What is entered by the
user is uuencoded and sent back to the proxy, using Proxy-authorization header.

	GET http://www.edelweb.fr/
	User-Agent: Mozilla/1.1N (X11; I; SunOS 4.1.4 sun4m)
	Accept: */*
	Proxy-authorization: Basic amN0OmJhcg==

 Of course, you could already do that with a CERN proxy using Protect
directive (this thread was discussed here recently). What's interesting here
is that it doesn't prevent you from accessing Web sites where pages are
also protected.

> Can it really prohibit unauthorized internal users to use internet
> services using the proxy server?

 If users don't now how to snoop connections to the proxy or if you're using a
one-time password scheme, yes. You can send a challenge in the "realm" field.

 Cheers,

    -JCT-
Follow-Ups:
References:
Indexed By Date Previous: Re: proving secure -Reply
From: grider @ wangfed . com (Alan Grider)
Next: AIX Interlock - proxy server ?
From: waseem @ ftp . com (Waseem Siddiqi)
Indexed By Thread Previous: Proxy Authentication in Netscape Proxy Server
From: Patrick Yeung <pwtyeung @ ha . org . hk>
Next: Re: Proxy Authentication in Netscape Proxy Server
From: peter @ nmti . com (Peter da Silva)
Google
 
Search Internet Search www.greatcircle.com