[squid-users] Re: squid_ldap_auth and passwords in clear text

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Thu, 27 Nov 2008 20:59:20 -0000

You might try squid_kerb_auth which uses Negotiate/Kerberos instead of NTLM
or Negotiate/NTLM.


"Matias Chris" <lists_at_matiaschris.com.ar> wrote in message
> Henrik,
> I have tried LDAP authentication in the past and stop using it becouse
> of the passwords being sent in clear text. I read about TLS but then I
> would need my DC to be a CA and that is not feasible at the moment. So
> Im testing NTLMSSP now, but is not being very stable and also read
> that is not recommended for networks with more than 200 users.
> Is this the end of the road? Is there any other method Im missing to
> authenticate users against AD?Transparently?
> Thanks,
> On Tue, Nov 18, 2008 at 6:59 AM, Henrik Nordstrom
> <henrik_at_henriknordstrom.net> wrote:
>> On fre, 2008-11-14 at 10:31 -0600, Johnson, S wrote:
>>> I just got the squid_ldap_auth working ok on my segment but when
>>> watching the protocol analyzer I see that the auth requests against the
>>> AD are coming in as clear text passwords. Is there anyway we can
>>> encrypt the ldap domain requests?
>> By AD do you refer to Microsoft AD? In such case use NTLM authentication
>> instead of LDAP.
>> You can also TLS encrypt the LDAP communication, but this does not
>> protect the credentials sent by browsers to Squid, just the
>> communication squid->LDAP.
>> Regards
>> Henrik
Received on Thu Nov 27 2008 - 20:59:51 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 28 2008 - 12:00:04 MST