On Wed, 2006-08-09 at 18:04 +0400, Vladimir wrote: > While searching squid mail archive, I understood that client > authentication with SSL encryption is not possible for now, because > browsers still don`t support this function correct > and it is impossible to > connect LDAP server via "squid_ldap_auth" or "squid_ldap_group" using > digest user authentication too. squid_ldap_group works fine, but it relies on authentication being already done. in 2.6 there is a helper allowing you to store the Digest hashes (or plain text passwords) in your LDAP directory for Squid to use when validating the Digest credentials. But it requires custom Digest password hash attributes or plain text passwords to be added to the LDAP directory. There still is not any means of using Digest authentication connecting to a LDAP directory without explicit Digest password hashes, and I doubt this will ever be possible due to technical restrictions. What may be possible in future is to use RADIUS with Digest support to validate the Digest authentication. But some changes is needed in Squid before this can happen (in addition to having a RADIUS server supporting Digest authentication). So for now, LDAP storing Digest password hashes (or plain text passwords) is the best option for large scale Digest authentication. For small scale setups a local Digest password file (either plaintext or hashed) works. Regards Henrik
