Re: [squid-users] SQUID and SNK authentication

Date: Tue, 27 Nov 2001 19:07:53 +0100

From: Mauro Del Giudice@ESA on 11/27/2001 07:07 PM

SecureNetKey (SNK) is an authentication method that uses a random challenge
password to authenticate users. When a user attempts to log in, the firewall
server provides a random challenge. The user enters his personal identification
number and the challenge into a software-based calculator on his computer. The
calculator encrypts the challenge and, using a special cipher and encryption
key, determines and displays the encrypted result. The user then submits this
result to the authentication service as his response to the challenge. Packet
sniffers cannot gain access to your network because any password they may have
been able to steal is not reusable. And since neither the user's personal
identification number nor the encryption key passes over the Internet, SNK is
relatively safe from common password attacks.

The same schema can be applied if the user who wants to be authenticated is the
proxy itself against a parent proxy.

For this reason I talked about an external authentication program. But as I
suspected it is not possible with the current SQUID version.

Anyway thanks a lot.

Henrik Nordstrom <hno@marasyst>
2001/11/27 18:45

To: Mauro Del Giudice/esrin/ESA@ESA
cc:
Subject: Re: [squid-users] SQUID and SNK authentication

On Tuesday 27 November 2001 17.19, wrote:

> I wouldn't leave the login/password written in the squid.conf file and
> use the SNK protocol to perform the authentication with the parent proxy.

What is the SNK protocol?

> Is there a way to configure SQUID? I found the authenticate_program
> directive, but I haven't understood if it can be used also for such
> purpose. If so, could someone show me how to proceed?

authenticate_program is for validating users' password+login, not to find the
peer credentials.

MARA Systems AB
Giving you basic free Squid support
Priority support or Squid enhancements available on request
Received on Tue Nov 27 2001 - 11:12:10 MST
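
The challenge-response exchange described at the top of this message, sketched as an added example that is not part of the original thread and is not the SNK algorithm itself. HMAC-SHA256 stands in for the "special cipher", and combining the PIN with a stored device secret through PBKDF2 is an assumption; all names and values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def derive_key(pin, device_secret):
    # Assumption: the calculator combines the PIN with a secret it stores.
    # Neither value is ever sent over the network.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), device_secret, 10_000)


def compute_response(key, challenge):
    # Calculator side: keyed transform of the challenge, truncated to a
    # short value a person could type in (HMAC is a stand-in, see lead-in).
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()[:8]


class Verifier:
    """Server side: issues single-use challenges and checks responses."""

    def __init__(self, user_keys):
        self._keys = user_keys   # user name -> shared key (bytes)
        self._pending = {}       # user name -> outstanding challenge

    def challenge(self, user):
        value = secrets.token_hex(8)   # fresh random challenge per login
        self._pending[user] = value
        return value

    def verify(self, user, response):
        # pop() consumes the challenge, so one challenge allows one attempt
        value = self._pending.pop(user, None)
        key = self._keys.get(user)
        if value is None or key is None:
            return False
        expected = compute_response(key, value)
        return hmac.compare_digest(expected, response)


def demo():
    # Constructed sample data: a PIN, a device secret and one account.
    key = derive_key("4321", b"constructed-device-secret")
    server = Verifier({"proxy1": key})
    first = server.challenge("proxy1")
    sniffed = compute_response(key, first)      # what a sniffer would see
    accepted = server.verify("proxy1", sniffed)
    server.challenge("proxy1")                  # next login, new challenge
    replayed = server.verify("proxy1", sniffed)
    return accepted, replayed
```

`demo()` returns `(True, False)`: the response is accepted once, and the same captured value fails against the next challenge.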
