Re: [squid-users] Securing proxy authentication against Novell Edirectory

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sun, 03 Jun 2007 03:14:42 +0200

sön 2007-06-03 klockan 03:07 +0200 skrev Henrik Nordstrom:
> lör 2007-06-02 klockan 21:27 -0300 skrev Diego Woitasen:
>
> > I have a Squid using basic authentication with squid_ldap_auth
> > against Novell Edirectory. This is working fine, but is very insecure.
> > Somebody knows any method to get a secure communication between
> > browser and squid, to authenticate against Novell Edir?
>
> It's possible using Digest. Currently require the Novell Edir addon
> which enables Edir to store the users plain-text password.. But that
> introduces it's own security hazards..

Forgot the link

http://forge.novell.com/modules/xfmod/project/?ldapdigest

>
> > One possible solution that I'm in research is to use digest
> > authentication, relaying the authentication between Edir and the
> > browser, so:
>
> This kind of Digest relaying is not yet supported by Squid. It would be
> very good, but no one has implemented it yet. You are most welcome to
> help with adding this feature, if so join the Squid developers on the
> squid-dev mailinglist
>
> http://www.squid-cache.org/Support/mailing-lists.dyn#squid-dev
>
> Regards
> Henrik

Received on Sat Jun 02 2007 - 19:14:47 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:03 MDT