On 21/04/18 06:55, Panagiotis Bariamis wrote:
>>"credentials" does not necessarily mean passwords.
>
>>TLS also sends credentials in clear. It just happens those credentials
>>are called certificates. Likewise all auth schemes in HTTP (except
>>Basic) send security tokens of various types - not passwords.
>
> When referring to credentials I mean basic ldap authentication for squid
> servers.
> Those are sent in plain text (well base64) in every request. So my
> concern is the client to proxy encryption so as to protect those
> credentials.
>

LDAP is a database type, it is not specifically tied to the type of
credentials used either.

For example; have you looked into using Kerberos authentication? This
over clear-text is similar or sometimes more secure than TLS.

<http://www.squid-cache.org/Versions/v3/3.5/manuals/negotiate_kerberos_auth.html>
<http://www.squid-cache.org/Versions/v3/3.5/manuals/ext_kerberos_ldap_group_acl.html>

That is the recommended Best Practice form of authentication with MSIE
and avoids the need for TLS solely to secure the credentials. Other
reasons for TLS remain, but are less important.

Amos
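
Added example, not part of the original thread or of Squid: a small audit helper that classifies Proxy-Authorization header values seen on a clear-text client-to-proxy hop, separating Basic (reusable password in base64) from Negotiate tokens, and flagging Negotiate that has fallen back to NTLM. The function names, finding labels and sample headers are constructed for illustration; the 0x60 check is a heuristic for a GSS-API initial token.

```python
import base64
import binascii

def _decode(blob):
    """Strict base64 decode; None when the value is not valid base64."""
    try:
        return base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None

def classify_proxy_auth(value):
    """Return (scheme, finding) for one Proxy-Authorization header value."""
    scheme, _, blob = value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme not in ("basic", "negotiate"):
        return scheme, "other-scheme"
    raw = _decode(blob.strip())
    if raw is None:
        return scheme, "malformed"
    if scheme == "basic":
        user, sep, _password = raw.decode("utf-8", "replace").partition(":")
        if not sep:
            return scheme, "malformed"
        # Report the account only; the password itself is never returned.
        return scheme, "password-exposed:" + user
    if raw.startswith(b"NTLMSSP\x00"):
        return scheme, "ntlm-fallback"      # Negotiate carrying NTLM, not Kerberos
    if raw[:1] == b"\x60":                  # heuristic: GSS-API initial token tag
        return scheme, "gssapi-token"       # ticket-based, no password on the wire
    return scheme, "unknown-token"

def exposed_accounts(header_values):
    """Accounts whose reusable password crossed the wire via Basic."""
    found = set()
    for value in header_values:
        _, finding = classify_proxy_auth(value)
        if finding.startswith("password-exposed:"):
            found.add(finding.split(":", 1)[1])
    return sorted(found)

# Constructed sample header values (not real credentials or tickets).
SAMPLES = [
    "Basic " + base64.b64encode(b"alice:s3cret").decode(),
    "Negotiate " + base64.b64encode(b"\x60\x82\x01\x00" + b"\x00" * 8).decode(),
    "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode(),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_proxy_auth(sample))
```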