Re: [squid-users] Improving security of authentication (MSNTAUTH)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 28 Jun 2001 00:27:02 +1000

Squid 2.5 (currently alpha quality, but usable) supports DIGEST and NTLM
authentication schemes as well as BASIC.

Unless you care to write an authenticator that is able to connect to Active
Directory AND retrieve the HA1 (IIRC) component of the digest hash from an
Active Directory server, you will be limited to using NTLM authentication.
However, NTLM is relatively secure (especially compared to plain text :}).

Rob

----- Original Message -----
From: "Mads Rasmussen" <mads@cit.com.br>
To: <squid-users@squid-cache.org>
Sent: Thursday, June 28, 2001 12:19 AM
Subject: [squid-users] Improving security of authentication (MSNTAUTH)

I noticed that when using msntauth the request for authentication is BASIC.

Any chance of changing the scheme to at least DIGEST?

I thought about inserting code to do an MD5 digest in the msntauth code but I
don't know if NT will approve, and then I realized that it must be squid that
starts the authentication sequence and thereafter calls the authentication
program. That is, squid is doing the request.

Maybe I'm in the dark here.

Could anyone enlighten me a little?

Also, tips on how to improve the security would be appreciated. I am a little
concerned about sending passwords in the clear although it's only internally.

Is there another authenticator available that talks with Win NT in a more
secure manner?

Regards,

Mads
Received on Wed Jun 27 2001 - 08:26:29 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:51 MST