Re: [squid-users] Re: secure authentication on squid

From: Henrik Nordstrom <[email protected]>
Date: 20 Nov 2002 19:17:15 +0100

On Wed 2002-11-20 at 16:17, Hegedus, Ervin wrote:

> > I may be wrong, but maybe you can try to use digest
> > password auth. That way, the password is sent encrypted.
>
> Maybe you are right.
> Squid gurus tell us... :)

Yes. The on-the-wire digest authentication messages are considered
cryptographically secure.

Also, not all browsers support digest authentication yet, but most do.

A major problem is that you cannot integrate with any other password
databases and must use a separate password file for Squid. Also due to
simplicity this password file currently needs to have the users'
passwords in plain text, but can in theory be changed to store the
passwords using one-way hashes.

Maybe in the future it will be possible to integrate with external
password databases supporting SASL Digest authentication but this is an
area which has not yet been researched and will require specific support
from the external password database, in many ways similar to how Squid
requires special support from Samba for efficient and stable NTLM
authentication.

Regards
Henrik
Received on Thu Nov 21 2002 - 10:39:24 MST
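
Added example (not part of the original message and not Squid's code): how a verifier can check an HTTP Digest response while its password file holds only the one-way value HA1 = MD5(user:realm:password) instead of the plain-text password. The function names and the in-memory password table are hypothetical; the sample values are the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def make_ha1(username: str, realm: str, password: str) -> str:
    """One-way value that can be stored in place of the plain-text password."""
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, uri, nonce, nc=None, cnonce=None, qop=None):
    """Recompute the Digest 'response' field from the stored HA1 alone."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop == "auth":
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    if qop is None:  # older clients that send no qop
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    raise ValueError(f"unsupported qop: {qop}")


def verify(stored_ha1: str, method: str, fields: dict) -> bool:
    """Compare the client's response with the recomputed one in constant time."""
    want = expected_response(
        stored_ha1, method, fields["uri"], fields["nonce"],
        fields.get("nc"), fields.get("cnonce"), fields.get("qop"),
    )
    return hmac.compare_digest(want, fields["response"])


# Hypothetical password table: only HA1 is kept, never the password itself.
PASSWD = {"Mufasa": make_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")}

# Header fields as sent by the client in the RFC 2617 section 3.5 example.
SAMPLE = {
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print("accepted:", verify(PASSWD["Mufasa"], "GET", SAMPLE))
```

The stored HA1 is still sufficient to compute valid responses for that realm, so a file holding it needs the same access protection as a plain-text one.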
