tis 2009-09-29 klockan 21:28 -0500 skrev David Boyer:
> I've been using squid_ldap_auth (Squid 2.7, SLES 11) for basic
> authentication, and it wasn't terribly difficult to set up. What
> concerns me is the passing of credentials from the browser to Squid in
> plain text. When we use basic authentication anywhere else, the web
> site usually requires HTTPS. I'm not seeing an easy way to do that
> with Squid.
Squid can via it's https_port directive, but there is no known browsers
supporting SSL encrypted proxy connections.
> We have a full Active Directory environment, and everyone using Squid has a domain account. Our users use a combination of Firefox 3.x, IE, and Safari.
Then NTLM or Kerberos/Negotiate authentication should be a viable option
for you.
The other available option Digest authentication unfortunately can not
integrate with Active Directory that easy...
> What options are there for using authentication with Squid while also
> ensuring the credentials passed between the browser and Squid are
> encrypted? The stunnel approach would not be an option for us.
And neither is pushing the browser vendors to have support for SSL
encrypted proxy connections I suppose?
Regards
Henrik
Received on Mon Oct 05 2009 - 12:14:28 MDT
This archive was generated by hypermail 2.2.0 : Mon Oct 05 2009 - 12:00:02 MDT