Re: [squid-users] Re: secure authentication on squid

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 1 Dec 2002 13:35:59 +0100

On Sunday 01 December 2002 09.17, Ilya wrote:

> Are there any other ways to have secure channel between
> browser and squid, and to use username/passwords from LDAP for
> authentication?
>
> browser --????--> squid(authentication) --SSL--> LDAP server

Squid has what is required for using SSL between the browser and
Squid, but there are no known browsers that can access proxies using
SSL, so this is currently of limited use to where Squid is running as
an https:// server accelerator.

One approach is to sponsor the Squid and OpenLDAP (or maybe Cyrus
SASL) projects to allow for Squid integration of Digest
authentication to OpenLDAP servers.

In what format are the passwords stored in your LDAP directory? Plain
text or encrypted? If plain text, then it is possible to write a secure
channel between Squid and your LDAP server to allow Digest
authentication to work.

If the password is stored in your LDAP directory using SSHA or another
strong hashing scheme then integration of Digest authentication is
not mathematically possible.

Regards
Henrik
Received on Sun Dec 01 2002 - 05:35:59 MST
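
The point about password storage format, as an added example that is not part of the original message and is not Squid or OpenLDAP code: RFC 2617 Digest needs the verifier to compute MD5(user:realm:password), which works from a plain-text LDAP value but not from an {SSHA} value, since that is a salted SHA-1 the verifier can only check against a presented cleartext password. The user, realm, nonce and password values are constructed, and treating any stored value that starts with "{" as hashed is a simplifying assumption.

```python
import base64
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(password, user, realm, nonce, method, uri) -> str:
    # RFC 2617 Digest without qop: both ends derive HA1 from the cleartext password.
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def make_ssha(password: str, salt: bytes) -> str:
    # LDAP {SSHA} value: base64(SHA1(password + salt) + salt)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored: str, candidate: str) -> bool:
    # Works only when the cleartext candidate is presented to the verifier
    # (Basic auth or an LDAP bind); a Digest client never sends it.
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    computed = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(computed, digest)

def proxy_verify(stored, user, realm, nonce, method, uri, client_response):
    """True/False when the stored value supports Digest, None when it cannot."""
    if stored.startswith("{"):  # assumption: "{scheme}" prefix marks a hashed value
        return None             # HA1 cannot be derived from SHA1(password + salt)
    expected = digest_response(stored, user, realm, nonce, method, uri)
    return hmac.compare_digest(expected, client_response)

# Constructed sample values, not taken from any real directory.
USER, REALM, PASSWORD = "ilya", "proxy", "s3cret"
NONCE, METHOD, URI = "dcd98b7102dd2f0e", "GET", "http://example.com/"
CLIENT_RESPONSE = digest_response(PASSWORD, USER, REALM, NONCE, METHOD, URI)
SSHA_VALUE = make_ssha(PASSWORD, b"\x01\x02\x03\x04")

if __name__ == "__main__":
    args = (USER, REALM, NONCE, METHOD, URI, CLIENT_RESPONSE)
    print("plain-text entry:", proxy_verify(PASSWORD, *args))
    print("{SSHA} entry:    ", proxy_verify(SSHA_VALUE, *args))
    print("SSHA vs cleartext:", check_ssha(SSHA_VALUE, PASSWORD))
```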
