Re: [squid-users] Re: secure authentication on squid

From: Ilya <[email protected]>
Date: Sun, 01 Dec 2002 19:48:14 +0600

>Squid has what is required for using SSL between the browser
>and
>Squid, but there is no known browsers who can access proxies
>using
>SSL so this is currently of limite use to where Squid is
>running as
>an https:// server accelerator.
>
>One approach is to sponsor the Squid and OpenLDAP (or maybe
>Cyrus
>SALS) projects to allow for Squid integration of Digest
>authentication to OpenLDAP servers.
>
>On what format is the passwords stored in your LDAP
>directory? Plain
>text or encrypted? If plain text then it is possible writing
>a secure
>channel between Squid and your LDAP server to allow Digest
>authentication to work.
>
>If the password is stored in your LDAP directory using SSHA
>or another
>strong hashing scheme then integration of Digest
>authentication is
>not mathematically possible.

Thanks for answer.
OK, let`s assume that we have plain text passwords in our LDAP
directory. (We have some server just for experiments :))

>If plain text then it is possible writing a secure
>channel between Squid and your LDAP server to allow Digest
>authentication to work.
What do you mean? Yes, it is possible to organize the SSL
connection between squid & LDAP. But how can I make squid to
take passwords from LDAP, not .../etc/digpass, not from the
file on local host? What should I rewrite?

And one more. What browser/version support Digest auth. I
tried with Netscape 4.78 and failed. But succeded with Mozilla
1.0 :)

Thanks.
Ilya
Received on Sun Dec 01 2002 - 06:46:03 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:47 MST