Re: [squid-users] Re: secure authentication on squid

From: Ilya <[email protected]>
Date: Sun, 01 Dec 2002 14:17:14 +0600

>Ilya wrote:
>
>> Thanks, I`ll read. But it is more interesting: how can I
>>tune
>> squid to use digest authentication?
>
>See configure --help and squid.conf.
>
>> And one more. If squid was tuned to use digest auth, then it
>> saves/looks for username/password in its database. Or am I
>> wrong? You know, in my situation username/password are
>>stored
>> on LDAP server, and squid checks them using external
>> program(authentication_program)
>
>Digest authentication requires Squid to have access to either
>
> * The users plaintext password
>
> * A specific Digest hash of the users password
>
>Squid never gets the password from the user in Digest
>authentication.
>Because of this it cannot easily integrate with non-Digest
>password
>databases like a standard LDAP directory as this requires
>Squid to get
>the users plaintext password from the browser so it can use
>this to log
>on to the LDAP directory service.

I managed to make squid to use digest authentication. But all
username/passwords are stored in its database
(..../etc/digpass). And it`s pity. You see, I have LDAP server
where all user are registered and have there
usernames/passwords. On one hand I want to have secure pass
username/password pair between browser and squid, and on other
hand I want squid to validate this pair on LDAP server.

Are there any other ways to have secure channel between
browser and squid, and to use username/passwords from LDAP for
authentication?

browser --????--> squid(authentication) --SSL--> LDAP server

Thanks.
Ilya.

  
Received on Sun Dec 01 2002 - 01:15:03 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:47 MST