In my university case, using a digest password is unacceptible because it will
break compability with other system. And also it will allow the sys-admin to
know the user's password.
So what we do, is we make a simple web-login (https) and combined it with
iptables.
Quoting Paolo Biancolli <PAOLO.BIANCOLLI@xxxxxxxxxx>:
HI,
I am also intersted in securing passwords using ldap. Where can I find
this helper? I am using squid 2.5 on linux 2.4.
Can I also use ntlm auth (I mean is it secure enough) against a
Microsoft AD?
Paolo Biancolli
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
Sent: 06 April 2006 01:37 AM
To: Melanie Pfefer
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: plugin to secure authentication
ons 2006-04-05 klockan 12:23 +0100 skrev Melanie Pfefer:
I am looking for a third party plug-in to secure ldap based
authentication between browser and proxy.
Can you please assist?
digest authentication.
There is a digest LDAP based helper in the Squid-3 tree (this helper
also works with 2.5). Due to the security aspects of the
browser<->squid authentication the helper requires it's own "digest"
password hash stored in the LDAP tree or access to plain text passwords.
In theory another possible route would be to SSL encrypt the
browser<->squid traffic, but this isn't supported by any browsers on the
market (neither free or proprietary) and thus requires an SSL wrapper
such as stunnel on each client station..
Regards
Henrik