Securing proxy authentication against Novell Edirectory


Hi,

 I have a Squid using basic authentication with squid_ldap_auth
against Novell Edirectory. This is working fine, but is very insecure.
Does anybody know any method to get secure communication between
the browser and Squid, to authenticate against Novell Edir?

One possible solution that I'm researching is to use digest
authentication, relaying the authentication between Edir and the
browser, so:

1- The browser sends the request to the proxy.
2- The proxy sends the "LDAP initial authentication" message to the
LDAP server (Edir or any LDAP server), a SASL DIGEST-MD5 authentication
request.
3- The LDAP server sends the response with digest data (nonces, opaque, etc).
4- Squid sends the digest data to the browser (in HTTP format).
5- The browser generates and sends the digest data (nonce, opaque,
response, etc) to the proxy.
6- The proxy sends the browser's digest data to the LDAP server (via LDAP/SASL).
7- The LDAP server returns OK to the proxy.

Does anybody have any comments or ideas, or another method to secure the
authentication?

regards,
  diegows



--
-------------------
Diego Woitasen
-------------------
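
In the relay described in steps 1-7, the browser computes its response under HTTP Digest (RFC 2617) while the LDAP server verifies a SASL DIGEST-MD5 response (RFC 2831). This added example (not part of the original post) computes both for the same credentials and nonces so the inputs each side hashes can be compared; the user, realm, password, nonces, request URI and LDAP digest-uri are constructed values.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def http_digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for algorithm=MD5, qop=auth (browser -> proxy)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}".encode())
    # A2 covers the HTTP method and request URI.
    ha2 = md5_hex(f"{method}:{uri}".encode())
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode())

def sasl_digest_md5_response(user, realm, password, digest_uri, nonce, nc, cnonce):
    """RFC 2831 response for qop=auth, no authzid (LDAP SASL bind)."""
    # A1 starts with the raw 16-byte MD5 of user:realm:password,
    # followed by the server nonce and client nonce.
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode()
    # A2 covers the fixed string AUTHENTICATE and a service/host digest-uri.
    ha2 = md5_hex(f"AUTHENTICATE:{digest_uri}".encode())
    return md5_hex(f"{md5_hex(a1)}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode())

def compare(user, realm, password, nonce, nc, cnonce):
    """Return (HTTP response, SASL response) for identical credentials and nonces.

    The request URI and the LDAP digest-uri are hypothetical values.
    """
    http = http_digest_response(user, realm, password, "GET",
                                "http://www.example.com/", nonce, nc, cnonce)
    sasl = sasl_digest_md5_response(user, realm, password,
                                    "ldap/edir.example.com", nonce, nc, cnonce)
    return http, sasl

if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    http, sasl = compare("jdoe", "example.com", "s3cret",
                         "c2FtcGxlLW5vbmNl", "00000001", "Y2xpZW50LW5vbmNl")
    print("HTTP Digest response :", http)
    print("SASL DIGEST-MD5 resp.:", sasl)
    print("identical:", http == sasl)
```
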
