Re: auth_policy in a non-authenticating proxy chain
On 09/15/2018 10:41 AM, Aki Tuomi wrote:
Point of sending the success ones is to maintain whitelist as well as blacklist so you know which ones you should not tarpit anymore. We know it does scale as we have very large deployments using the whole three request per login model.
"Success" in a proxy which is not it self authenticating is only whether it know where to proxy the requested username to. I'm not sure whether this would be input to a whitelist.
I'm not doubting that 3 req/login scales.
/Peter
On 15 September 2018 at 12:32 Peter Mogensen <apm@one.com> wrote:
On 09/15/2018 10:41 AM, Aki Tuomi wrote:
Point of sending the success ones is to maintain whitelist as well as blacklist so you know which ones you should not tarpit anymore. We know it does scale as we have very large deployments using the whole three request per login model.
"Success" in a proxy which is not it self authenticating is only whether it know where to proxy the requested username to. I'm not sure whether this would be input to a whitelist.
I'm not doubting that 3 req/login scales.
/Peter
This is rather uncommon use-case. Most cases authentication occurs on proxy and is forwarded using, say, master password on to the backend.
Aki
participants (2)
-
Aki Tuomi
-
Peter Mogensen