Re: [squid-users] Re: ntlm won't prompt

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 11 Jul 2003 10:10:52 +0200

On Friday 11 July 2003 03.16, Norman Zhang wrote:

> Please excuse my ignorance. Would passwords be passed in clear text
> using basic auth?

Yes.

> Is there an authentication scheme that works
> without clear text.

Neither NTLM or Digest passes passwords over the wire.

Of the two Digest is preferred as it is a standard HTTP authentication
protocol without the design errors of NTLM and also provides a higher
level of protection for the users passwords. You probably want to use
Squid-2.5.STABLE3 or later however, and not all browsers support
Digest yet (most mainstream browsers does).

Both requires special password databases: local text file in case of
Digest, a NT Domain in case of NTLM. Squid never gets the users
password at all in these methods and thus can not integrate with
normal password databases requiring the actual password like done in
the basic scheme.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Fri Jul 11 2003 - 02:11:12 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:56 MST