Re: [squid-users] SQUID and SNK authentication

From: Henrik Nordstrom <>
Date: Tue, 27 Nov 2001 20:27:57 +0100

Ok, sort of like S/KEY (RFC1760) then...

Unfortunately, designs like this does not play very well with HTTP as there
is no "login" in HTTP. The user credentials are send on each and every
request. By session emulation one can make schemes like this work, but only
if accepting that the credentials may be reused while the session is active
(and possibly kept indefinitely valid, unless there is a forced rechallenge
at a given interval).

Squid currently does not support challenge based authentication protocols on
top of Basic HTTP authentication. Can be added with some coding.

Henrik Nordström

On Tuesday 27 November 2001 19.07, wrote:

> SecureNetKey (SNK) is an authentication method that uses a random challenge
> password to authenticate users. When a user attempts to log in, the
> firewall server provides a random challenge. The user enters his personal
> identification number and the challenge into a software-based calculator on
> his computer. The calculator encrypts the challenge and, using a special
> cipher and encryption key, determines and displays the encrypted result.
> The user then submits this result to the authentication service as his
> response to the challenge. Packet sniffers cannot gain access to your
> network because any password they may have been able to steal is not
> reusable. And since neither the user's personal identification number nor
> the encryption key pass over the Internet, SNK is relatively safe from
> common password attacks.

MARA Systems AB
Giving you basic free Squid support
Priority support or Squid enhancements available on request
Received on Tue Nov 27 2001 - 12:27:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:04:34 MST