Re: [SQU] Authenticate problem:

From: Henk-Jan Kloosterman <[email protected]>
Date: Tue, 26 Dec 2000 14:47:05 +0100

Guys: thanks for the great support!

(Could someone give me a hint were to find info on puttting my cache on
mulitple disks?)

> > Robert Collins wrote:
> >
> > > Henk-Jan,
> > > If you are willing to run up a test copy of squid on a spare
machine,
> > for you to use (it's not stable code - it is likely to be
> > > part of squid 2.5) you could try the auth_rewrite branch of squid. It
has
> > a bottom up rewrite of squid's internal authentication
> > > mechanisms. I left the basic specifics largely untouched, but I'm more
> > than happy to dig into them.. If you wanted to try it out
> > > it's available from http://squid.sourceforge.net/
> > >
> > 2. Does it work on a 2.2.STABLE5.1 enviroment?
>
> No. It's built around squid 2.5
>
> see my response later in the mail for a little more info.

I would like to test it: But could not find 2.5! Or do I patch the
Authentication Rewrite to the 2.4DEVEL.4 ?

> > >What you can do until a patch is provided is to further upper the TTL,
> > >which is probably a good thing anyway as HTTP is not really designed
for
> > >password changes like this sporadically (every 3600 seconds) in the
> > >middle of a surfing session.

Looks like this solves it !

> Your network is vulnerable to internal replay attacks against squid for
that username:password combination for 8 hours. That's all.

I do not see this as a problem.

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Tue Dec 26 2000 - 06:53:51 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:07 MST