Re: browser authentication (was Re: Intruducing myself)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 08 Nov 2002 10:50:27 +0100

fre 2002-11-08 klockan 10.37 skrev Josef.Irnberger:

> I thought of a different solution: The digest_pw_auth.c (or some plugin on
> behalf of it) queries the LDAP server (with a special bind user "squid", who has
> access to the userPassword attributes) and returns the password if either a
> "ProxyAllowed" flag/attribute is set or the user contains to a "ProxyAllowed"
> group. Of course securely due to TLS and/or Digest-MD5.
>
>
> What do you think about this? Could this be an appropriate solution?

Sure this can be done, if you think storing the plain text password in
your LDAP tree is wise.. I don't like storing plaintext versions of
users password and prefer storing one or more one-way hashed variants..

Regards
Henrik
Received on Fri Nov 08 2002 - 02:49:38 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:38 MST