Re: [squid-users] passwd encryption

From: Henrik Nordstrom <[email protected]>
Date: Sat, 21 Dec 2002 12:48:55 +0100

On Friday 20 December 2002 20.02, Pat Lendon wrote:
> Hello All,
>
> We currently use NCSA for authentication and will be soon moving
> to LDAP authentication.
>
> During LDAP auth testing, sniffer ran and passwords were in clear
> text.
>
> I've searched archives on crypt and LDAP.
>
> Is it still not possible to crypt passwords when using LDAP?
>
> Does anyone know of work-arounds to encrypt password?

The version of the helper included in the Squid-2.6 or Squid-3 (HEAD)
development branches has support for TLS/SSL encryption of the LDAP
connection.

However, the browser sends the password in plain text (base64 encoded)
in the HTTP request in all basic scheme authentication requests so
encrypting the LDAP communication between Squid and your LDAP server
does not help very much in terms of security..

Regards
Henrik
Received on Sat Dec 21 2002 - 04:48:10 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:10 MST