Re: Digest Authentication in Squid through LDAP in Windows 2003 DC

Luis Claudio Botelho - Chefe de Tecnologia e Redes wrote:
Hi,

Please, I need some help about Digest Authentication.
We made a new server in our enterprise, using "Fedora 7" (64 bits).
We have Squid 3, installed, and we need to authenticate our users in one of
the DC's (Windows 2003 Server DC).
The problem:
We started configuring Squid with basic authentication; it worked fine, but
we got the user's password through "Ethereal Software". This is a problem
here, because we have a lot of students and teachers that we need to
guarantee security to them and against them.
So we tried "digest authentication", and our problem started. Our tests
failed, and we didn't find any documentation about how to implement
"digest_ldap_auth" to check the username and password.

Effectively you need to either store the Digest encrypted password, or the plain text password on the LDAP server. It's a fine solution if you use it from the start, but a bit of a pain to retrofit.

We don't know if our idea about digest authentication is right or wrong. We
imagine that we can simply authenticate in "Windows 2003 Server DC" (as
basic authentication does), without storing the user's password on the Linux Server. Is that possible? If yes, where can I find instructions about how to
use it?
If you can help us about this, and even if our idea about digest
authentication between Squid and Windows 2003 Server is wrong, it would be
very nice.
I would like to thank you for your time, and sorry for any inconvenience.

Given you have an Active Directory domain, you might be better served authenticating directly against it:

http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM

Fedora 7 should come with a nifty utility called "authconfig", which might eliminate much (but not all) of the text file fiddling that the example requires.


Regards,

________________________________
Luis Claudio Botelho
Chefe de Tecnologia e Redes
Coordenadoria Geral de Informática
Centro Universitário da FEI
São Bernardo do Campo - SP
4353-2900 ramal 2117

"The great secret of life is to spend it in something that endures more than itself" "In the box was written: Windows NT, 2000 or better. So I installed Linux" "Knowing is not enough, we must apply. Willing is not enough, we must do."


As a disclaimer, I have not used NTLM authentication with Squid, but I have a CentOS 4 install that allows Cyrus-IMAPd to authenticate against ADS.

Chris
