[squid-users] digest auth and LDAP

From: Ronny Haryanto <ronnylist@dont-contact.us>
Date: Wed, 21 Jul 2004 11:28:14 +1000

Hi all,

So I found this post from Henrik Nordstrom:
http://www.squid-cache.org/mail-archive/squid-users/200212/0005.html
and I quote: "On what format is the passwords stored in your LDAP
directory? Plain text or encrypted? If plain text then it is possible
writing a secure channel between Squid and your LDAP server to allow
Digest authentication to work. If the password is stored in your LDAP
directory using SSHA or another strong hashing scheme then integration
of Digest authentication is not mathematically possible."

Basically I don't want the auth information (login+password) flying
around in cleartext. So my options come down to using digest auth or
SSL connection to proxy. But after reading the post above I don't
think I can use digest auth because I don't want passwords to be
stored (in LDAP) in cleartext either, and I don't know if there are
any browsers out there that talk SSL to proxy for non-SSL proxied
requests; even if there is one I don't think my users would be very
happy if we force them to use just one particular brand of browser,
but if there is any I'd like to know anyway.

Is there any other alternative for secure auth? Any suggestions?

Surely there must be some people here that are using LDAP auth, what
do you do in this case? Do you just leave it cleartext?

Thank you in advance for your time and attention.

Ronny

Received on Tue Jul 20 2004 - 19:28:17 MDT
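
Added example, not part of the original post or of Squid's code: the reasoning in the quoted reply worked through in Python, following the RFC 2617 formulas without qop. The user, realm, password, nonce and salt are constructed sample values and the function names are hypothetical.

```python
import base64, hashlib, hmac

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def ha1(user, realm, password):
    # RFC 2617: H(A1) = MD5(user:realm:password); computing it needs the password itself.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, nonce, method, uri):
    # RFC 2617 without qop: response = MD5(H(A1):nonce:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")

def ssha(password, salt):
    # LDAP {SSHA} value: base64(SHA1(password + salt) + salt)
    d = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(d + salt).decode()

def ssha_verify(stored, candidate):
    # Only works when the verifier is handed the candidate password
    # (Basic auth or an LDAP bind); Digest never sends it.
    raw = base64.b64decode(stored[len("{SSHA}"):])
    d, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate.encode() + salt).digest(), d)

def verify_digest(stored_ha1, nonce, method, uri, client_response):
    # A Digest verifier recomputes the response from H(A1), so it must hold
    # the plaintext or H(A1). H(A1) is password-equivalent within its realm.
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, client_response)

# Constructed sample values, not taken from the post.
USER, REALM, PASSWORD = "alice", "proxy.example", "constructed-pass"
NONCE, METHOD, URI = "dcd98b7102dd2f0e", "GET", "http://example.com/"
SALT = b"\x01\x02\x03\x04"

def demo():
    server_ha1 = ha1(USER, REALM, PASSWORD)      # needs the plaintext password
    client_resp = digest_response(server_ha1, NONCE, METHOD, URI)
    stored = ssha(PASSWORD, SALT)                # all the directory holds
    return {
        "digest_ok_with_plaintext": verify_digest(server_ha1, NONCE, METHOD, URI, client_resp),
        "basic_ok_with_ssha": ssha_verify(stored, PASSWORD),
        "digest_response_checkable_against_ssha": ssha_verify(stored, client_resp),
    }

if __name__ == "__main__":
    print(demo())
```

The SSHA value can confirm a password that is presented to it, but the only thing a Digest client sends is an MD5 over H(A1), the nonce and the request, and nothing in the SSHA value lets the verifier recompute that.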
