On 20/9/2011 4:53 μμ, Luis Daniel Lucio Quiroz wrote:
... There are 3 more way and you shall evaluate what fits the best for you. a) you may use Kerberos auth, many browsers suppor it right now. b) you may use NTLM2 auth, helper is available at samba packagec) you may relay secure auth with radius+https, after auth sucessful with a browser that client ip shall surf
Thank you, Luis.So, the solution with certificates would not work? I read about it here: http://squid-web-proxy-cache.1019090.n4.nabble.com/Client-Certificate-Authentication-td3353759.html
Now that I re-read it (cause it's long), I come to the conclusion that certificate-authentication wouldn't/shouldn't work without SSL, so it seems stunnel (for example, or other similar solutions as discussed on that thread) would still be needed. Configuration details for certificate-based authentication would still be interesting, if available anywhere.
I guess I'll now try Squid with Kerberos auth... Nick
<<attachment: smime.p7s>>
