Re: browser authentication (was Re: Intruducing myself)

From: Josef.Irnberger <Josef.Irnberger@dont-contact.us>
Date: Fri, 8 Nov 2002 09:38:42 GMT

Hi squid-dev,

> As said in my previous message you could probably utilize LDAP to
> store the password hashes required for HTTP Digest authentication if
> you like but this will most likely be separate from the normal
> userPassword LDAP attribute, and require special attention when the
> user changes his password to keep the two in synch.

I thought of a different solution: The digest_pw_auth.c (or some plugin on
behalf of it) queries the LDAP server (with a special bind user "squid", who has
access to the userPassword attributes) and returns the password if either a
"ProxyAllowed" flag/attribute is set or the user contains to a "ProxyAllowed"
group. Of course securely due to TLS and/or Digest-MD5.

What do you think about this? Could this be an appropriate solution?

Regards
Josef Irnberger

p.s.: I experienced that Mozilla and Galleon keep asking for the
username/password after they were entered. (Multiple times within seconds and
without leaving the current domain) Which makes browsing nearly impossible.
Probably worth a Bugzilla
submission.
Received on Fri Nov 08 2002 - 02:42:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:38 MST