On 3/29/05 7:00 PM, "Stewart" <email@hidden> wrote:
It's not the actual proxy that's at issue, it's the username and
password that must be entered to access the proxy. The whole point of
implementing proxy auth was to keep account of the amount of web
traffic used by each user, and using a system-wide name/pass would
defeat the porpoise.
I would say that's not the best reason to use a proxy, and that there
are
other utilities that will do this without causing you this problem but
since
that's what you're doing, no matter.
it's not the only reason to proxy, to be sure - for us it's just one of
the benefits of doing so. It's also about the social engineering aspect
of making users more aware that they are using a valuable resource and
being logged doing so. (and i don't think we're being that draconian -
I know some shops that present their users with entire webpages of T's
& C's they must click to agree to before they can go online...)
as a side-effect, requiring proxy auth has also cut down on a lot of
other cruft such as printers trying to phone home and so on - it's
turned out to be quite The Good Thing for us - except for that now
remote softwareupdate doesn't work :-(
Hmm...well, the rather ugly solution that occurs to me is to use
networksetup, inside of the ARDagent.app bundle to set up the machine
to
authenticate to the proxy as though you did it in System prefs, then
run
softwareupdate, then run networksetup again to undo your changes.
Since it's
all done at the shell level, you should be able to script it without
too
much pain.
that would probably work too - i didn't know about those utilities
hidden in there, thanks!
but you've made me think the problem through a bit more laterally and i
now realise it's simply a matter of configuring squid to not require
authentication for the urls that softwareupdate requests. (which would
be http://swscan.apple.com/ and http://swquery.apple.com by the looks
of it)
->hand->staple->forehead. :)
i do still think though it's a bit wrong for the proxy auth info to be
stored at system level when it should really be the responsibility of
individual applications in userspace. it's the one single difference i
can think of in Windows networking that actually makes sense (to me
anyway). The rest - well, ahem. I just like to show my wintel admin
friends how to change entire network configs with the Location menu and
watch their jaws drop. ;-)
sorry. drifting way OT there, back in my lurky box..
