Re: [squid-users] Re: secure authentication on squid

From: Henrik Nordstrom <[email protected]>
Date: Sun, 1 Dec 2002 15:00:26 +0100

On Sunday 01 December 2002 14.48, Ilya wrote:

> What do you mean? Yes, it is possible to organize the SSL
> connection between squid & LDAP. But how can I make squid to
> take passwords from LDAP, not .../etc/digpass, not from the
> file on local host? What should I rewrite?

For a start a new Squid digest helper would need to be written which
queries LDAP over TLS instead of a local password file.

In the long run Squid should be extended to support MD5-sess Digest
authentication, and a helper daemon added to your LDAP server to
allow Squid and other trusted applications to query for a MD5-sess
hash from your LDAP directory. In such mode the plaintext LDAP
password never needs to leave the LDAP directory server and only
secure one-way hashed blobs is exchanged over the network.

> And one more. What browser/version support Digest auth. I
> tried with Netscape 4.78 and failed. But succeded with Mozilla
> 1.0 :)

See earlier thread on squid-users.

Regards
Henrik
Received on Sun Dec 01 2002 - 07:00:29 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:47 MST