On 02/05/17 09:04, j m wrote:
Wow, I didn't find that one. Not super secure, but better than clear text and I'm not too worried about someone sniffing my packets.
The security level with Digest depends on the nonce lifetime and reuse counter, both of which you can tune to your liking. The shorter those are the more secure, up to the point where it is a purely one-time token. That said, some clients (most often browsers) have big trouble managing nonces in correct order and with dozens of connections open to the proxy - and then there are Squid bugs. So tuning those is not as easy as it should be.
NTLM does not work over the Internet. Kerberos might, but not very well. They are connection-oriented authentication schemes designed for use in LAN environments. So for your described situation they are not useful even if you were willing to open the ports.
Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
