Hi squid-dev,
> As said in my previous message you could probably utilize LDAP to
> store the password hashes required for HTTP Digest authentication if
> you like but this will most likely be separate from the normal
> userPassword LDAP attribute, and require special attention when the
> user changes his password to keep the two in synch.
I thought of a different solution: The digest_pw_auth.c (or some plugin on
behalf of it) queries the LDAP server (with a special bind user "squid", who has
access to the userPassword attributes) and returns the password if either a
"ProxyAllowed" flag/attribute is set or the user contains to a "ProxyAllowed"
group. Of course securely due to TLS and/or Digest-MD5.
What do you think about this? Could this be an appropriate solution?
Regards
Josef Irnberger
p.s.: I experienced that Mozilla and Galleon keep asking for the
username/password after they were entered. (Multiple times within seconds and
without leaving the current domain) Which makes browsing nearly impossible.
Probably worth a Bugzilla
submission.
Received on Fri Nov 08 2002 - 02:42:55 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:38 MST