Re: [squid-users] authorization

From: Henrik Nordstrom <[email protected]>
Date: Wed, 27 Nov 2002 12:30:13 +0100

Heinz Ahrens wrote:

> i use squid with perhaps 20.000 users an all works fine. My only problem is
> the fact, that the user-authentication is not encrypted.

A quite common problem.

As a standard solution you could investigate using Digest
authentication. Digest authentication strongly protects the password on
the wire..

> Now i want to solve the problem and i found "Squid IP Auth". This is fine,
> but i need another program, because i use NAT between client and proxy and
> squidGuard with different userlists.

The concept of temporary passwords works just fine.

Your main problem then is how Squid is to identify the users, knowing
when to expect a temporary password or when to redirect the user to the
"secure page for generating the temporary password".

HTTP does not have a concept of "sessions". Authentication is performed
individually on each request. Because of this you do not know if this
request is the "first" request, or a "second request".

Regards
Henrik
Received on Wed Nov 27 2002 - 04:30:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:36 MST