or use PAM.
Set your squid to do a pam_auth on the same server.
Set that server to host accounts on ldap (see pam with ldap). This ldap DB
can sit anywhere and you can use TLS or SSL.
So your architecture would be:-
Server1 -> Squid + pam_auth
Server1 -> Set PAM to auth via LDAP to server2 using TLS/SSL
(/etc/ldap.conf)
Server2 -> LDAP DB (posixAccount and posixGroup)
(The only drawback is all the ldap users become server1's login accounts but
you can get around that)
-----Original Message-----
From: news [mailto:news@sea.gmane.org]On Behalf Of Adam Aube
Sent: 06 May 2004 20:43
To: squid-users@squid-cache.org
Subject: [squid-users] Re: Confused about autenthication
Carlos Martínez-Troncoso Cera wrote:
> I want to authenticate my users against my LDAP Sun One Directory Server
> 5.1 when they want to use my squid 2.5 stable5 and I want encrypted
> passwords
Unfortunately, there is no "out of the box" solution. LDAP integration in
Squid is only supported with basic authentication, and basic authentication
sends the password cleartext over the network to the proxy.
What you can do is use Stunnel (or a similar program) to setup an encrypted
channel between the clients and the proxy server. The username and password
will travel over this channel and be encrypted in transit.
Adam
Received on Thu May 06 2004 - 13:55:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT