On Tue, Jan 13, 2009 at 3:58 PM, Leonardo Rodrigues Magalhães<leolistas@xxxxxxxxxxxxxx> wrote:>> i'm actually running squid (2.7 stable4) with squid_ldap_auth for> authenticating users in my MS Active Directory tree. I'm running:>> auth_param basic program /usr/bin/squid_ldap_auth -R -b> "dc=XXXXXXX,dc=XXXXX" -D "cn=XXXXX,ou=Internet,dc=XXXXXX,dc=XXXXXXX"> -w "XXXXXX" -f sAMAccountName=%s -h 192.168.0.8>>> i was trying to change from basic authentication to digest one, so> avoiding cleartext passwords to flow over network. but i'm not having> success on that.>>> can anyone share a working digest_ldap_auth syntax that is working to> authenticate users in MS AD ??? I'm not really sure it's even possible: Microsoft KBhttp://support.microsoft.com/kb/222028 says that in order for IIS tobe able to offer Digest authentication, passwords have to be stored inAD using "reversible encryption", as Digest authentication usesencryption mechanisms wich are not compatible with those used in AD.I don't expect that AD would make plaintext-equivalent passwordsavailable over LDAP... -- /kinkie
