[squid-users] Securing proxy authentication against Novell Edirectory

From: Diego Woitasen <diegows@dont-contact.us>
Date: Sat, 2 Jun 2007 21:27:57 -0300

Hi,

  I have a Squid using basic authentication with squid_ldap_auth
against Novell Edirectory. This is working fine, but it is very insecure.
Does anybody know any method to get secure communication between the
browser and Squid, to authenticate against Novell Edir?

 One possible solution that I'm researching is to use digest
authentication, relaying the authentication between Edir and the
browser, so:

1- The browser sends the request to the proxy.
2- The proxy sends the "LDAP initial authentication" message to the
LDAP server (Edir or any LDAP server), SASL DIGEST-MD5 authentication
request.
3- The LDAP server sends the response with digest data (nonces, opaque, etc.).
4- Squid sends the digest data to the browser (in HTTP format).
5- The browser generates the digest-data (nonce, opaque,
response, etc.) and sends it to the proxy.
6- The proxy sends the browser's digest-data to the LDAP server (via LDAP/SASL).
7- The LDAP server returns OK to the proxy.

Does anybody have any comments or ideas, or another method to secure the
authentication?

regards,
   diegows

-- 
-------------------
Diego Woitasen
-------------------
Received on Sat Jun 02 2007 - 18:27:59 MDT
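
The two response computations that the relay in steps 1-7 would have to bridge, as an added example that is not part of the original post: the HTTP Digest value a browser generates in step 5 (RFC 2617, algorithm=MD5, qop=auth) beside the SASL DIGEST-MD5 value an LDAP server checks in step 6 (RFC 2831, qop=auth, no authzid). The user name, realm, password, nonces and URIs in `compare_for_same_challenge` are constructed sample values.

```python
import hashlib

def md5_raw(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def http_digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for algorithm=MD5, qop=auth (browser side, step 5)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}".encode())
    # A2 binds the response to the HTTP method and the requested URI.
    ha2 = md5_hex(f"{method}:{uri}".encode())
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode())

def sasl_digest_md5_response(user, realm, password, digest_uri, nonce, nc, cnonce):
    """RFC 2831 response-value for qop=auth, no authzid (LDAP server side, step 6)."""
    # A1 starts with the raw 16-byte MD5 of user:realm:password, then nonce and cnonce.
    a1 = md5_raw(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    # A2 is a fixed keyword plus a service URI; no HTTP method or request path.
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    return md5_hex(f"{md5_hex(a1)}:{nonce}:{nc}:{cnonce}:auth:{md5_hex(a2)}".encode())

def compare_for_same_challenge():
    """Both responses for one constructed user and one shared nonce/cnonce."""
    common = dict(user="jdoe", realm="example.org", password="constructed-pass",
                  nonce="b3f1c0ffee0001", nc="00000001", cnonce="0a4f113b")
    http = http_digest_response(method="GET", uri="http://www.example.org/", **common)
    sasl = sasl_digest_md5_response(digest_uri="ldap/ldap.example.org", **common)
    return http, sasl

if __name__ == "__main__":
    http, sasl = compare_for_same_challenge()
    print("HTTP Digest response (RFC 2617):    ", http)
    print("SASL DIGEST-MD5 response (RFC 2831):", sasl)
    print("responses identical:", http == sasl)
```

For the same credentials and nonces the two values differ, because RFC 2617 and RFC 2831 build the A1 and A2 inputs differently.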

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:03 MDT