Re: [squid-users] SSL Proxy Authentication

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Fri, 14 Aug 2009 23:42:36 +0200

fre 2009-08-14 klockan 16:40 -0400 skrev Daniel:

> If we choose to authenticate against LDAP, I know that we can use SSL/TLS
> and secure the traffic between our LDAP servers and the Squid servers.
> However, wouldn't the usernames/passwords still be sent basically clear-text
> from the Squid Client (workstations) and Squid?

Yes.

> If this is the case, is there any way to secure the authentication between
> squid clients and squid. What are my options?

HTTP Digest authentication is one option.

Requires some special care and love on the authentication backend as the
password isn't even known to the proxy (which means it can't verify it
to generic password based backends), but is quite secure once up and
running.

Regards
Henrik
Received on Fri Aug 14 2009 - 21:42:57 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 15 2009 - 12:00:03 MDT