[squid-users] Client Certificate Authentication

From: Jaime Nebrera <jnebrera_at_eneotecnologia.com>
Date: Mon, 14 Mar 2011 13:43:38 +0100

   Dear all,

   This is my first email to the list in a looong time so please forgive
if I'm saying something stupid.

   I want to authenticate users using a digital certificate they will
already own for "forwarding proxy".

   That is, the browsers will use squid to navigate the internet (not
reverse proxy), do some ACL (white / black list validating the user
against a LDAP server) and some antivirus filtering (iCap or similar).

   Reading the available information in the Internet I'm not sure if
this is possible or not.

   As reverse proxy there is no problem, but as a forwarding proxy I
have seem some replies but dont have for sure if its possible or not.

   I have also seen SSLBump that seems in that topic.

   BTW, I would like the proxy to use User's certificate when
authenticating against other (external) servers.

   This sounds a lot as a Man In The Middle attack but ...

   Browsers will be configured to use a specific proxy (no transparent)
and could be either Internet Explorer or Firefox.

   Very thankful in advance. Regards

-- 
Jaime Nebrera - jnebrera_at_eneotecnologia.com
Consultor TI - ENEO Tecnologia SL
C/ Manufactura 2, Edificio Euro, Oficina 3N
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18
Received on Mon Mar 14 2011 - 12:43:38 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 15 2011 - 12:00:01 MDT