Re: [squid-users] secured authentication

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Mon, 05 Oct 2009 14:14:18 +0200

tis 2009-09-29 klockan 21:28 -0500 skrev David Boyer:
> I've been using squid_ldap_auth (Squid 2.7, SLES 11) for basic
> authentication, and it wasn't terribly difficult to set up. What
> concerns me is the passing of credentials from the browser to Squid in
> plain text. When we use basic authentication anywhere else, the web
> site usually requires HTTPS. I'm not seeing an easy way to do that
> with Squid.

Squid can via it's https_port directive, but there is no known browsers
supporting SSL encrypted proxy connections.

> We have a full Active Directory environment, and everyone using Squid has a domain account. Our users use a combination of Firefox 3.x, IE, and Safari.

Then NTLM or Kerberos/Negotiate authentication should be a viable option
for you.

The other available option Digest authentication unfortunately can not
integrate with Active Directory that easy...

> What options are there for using authentication with Squid while also
> ensuring the credentials passed between the browser and Squid are
> encrypted? The stunnel approach would not be an option for us.

And neither is pushing the browser vendors to have support for SSL
encrypted proxy connections I suppose?

Regards
Henrik
Received on Mon Oct 05 2009 - 12:14:28 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 05 2009 - 12:00:02 MDT