Nicolas MATHEY wrote:
> I use squid_ldap_auth, from squid 2.5 pre7, as an authenticate program and
> it works well. When I sniff the port 389 (ldap port) with tcpdump, I can
> read the password in plaintext! Is there a solution to encrypt it with
> TLS/SSL, or anything else, in order to secure my authentication to the
> ldap server?

Yes, by teaching squid_ldap_auth how to make TLS encrypted LDAP connections.
The OpenLDAP library used supports this just fine if compiled with SSL support
(most installations are these days), so it is only a matter of learning
how to tell the OpenLDAP library that a TLS encrypted LDAP connection is
wanted.

Hmm.. didn't I receive a patch for this ages ago.. what happened with that
one.. Ah, there it is
<http://www.squid-cache.org/mail-archive/squid-users/200112/0511.html>.

Michael, did you ever make a version of the patch with certificate
verification (-ZZ)?

Regards
Henrik Nordström
Received on Tue Jun 04 2002 - 07:42:30 MDT