Search squid archive

Re: Encrypted (Basic) Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Amos,

thanks for your response.

On 04/20/2012 04:22 PM, Amos Jeffries wrote:
>> I found the following solution, but I'm not suire if that's a good way
>> to go.
>> http://www.mikealeonetti.com/wiki/index.php/Squid_LDAP_transparent_proxy_authentication_script
>>
> 
> Not relevant. That is for session-based authorization on intercepted traffic.
> It is not authentication despite the authors use of the term.
> Basic auth protocol with its clear-text credentials is more secure.

Commercial solutions seem to offer similar solutions with a web-based form.
http://demo04.astaro.com/help/en_US/Content/ASG/websec/HTTPs_Profiles-Proxy_Profiles.html

Isn't there a way to build something like that with squid?

>> What can you recommend?
> 
> What does the backend you are using LDAP protocol to access capable of?

We are using OpenLDAP directly, there is no other backend.

> Kerberos is best you can get in the way of secure authentication these days.
> Despite the limits it imposes on HTTP performance.

That would mean clients would have to be configured for Kerberos usage
correctly. Firefox for example would then authenticate via GSS-API Negotiation
Mechanism (SPNEGO).

I would love to see a solution that is more flexible without the need to
integrate clients with Kerberos.

> Alternatively you can try using a TLS connection to secure the transport
> between the web clients and Squid.
>  http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection

I think that would be the best solution for us. Are there other browsers that
support TLS secured connections too?

Thank you,
Christoph


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux