No, it is possible to use digest authentication to avoid
cleartext passwords. The squid wiki link Henrik sent out is a good
start, but it leaves out one critical piece: how to encode the
passwords! In either LDAP or a flat-file, I found only one site
online with instructions, and they were 100% wrong.
I eventually succeeded after much head-bashing by using the
"htdigest" command which comes with Apache. I haven't yet figured out
what it's doing during it's encoding, but it works.
Regards,
Chris
On Fri, May 30, 2008 at 9:13 AM, Squidly <squid_at_theindianmaiden.com> wrote:
> Is running samba the only way for squid not to use clear text passwords?
>
> On Fri, May 30, 2008 at 2:41 AM, Henrik Nordstrom
> <henrik_at_henriknordstrom.net> wrote:
>> http://wiki.squid-cache.org/KnowledgeBase/LdapBackedDigestAuthentication
>>
>> On tor, 2008-05-29 at 20:42 -0700, Squidly wrote:
>>> Is there a good guide detailing how to set this digest up with openLdap?
>>>
>>> On Thu, May 29, 2008 at 4:40 PM, Henrik Nordstrom
>>> <henrik_at_henriknordstrom.net> wrote:
>>> > On tor, 2008-05-29 at 16:21 -0700, Squidly wrote:
>>> >> I am hoping there is a way to encrypt user name and password as they
>>> >> are are passed from the browser to my debian squid box. I have looked
>>> >> around the web and just keep getting more confused. I found some
>>> >> reference to digest_ldap_auth but that does not exist in my lib and
>>> >> seems to be for windowz. Does someone know a good reference?
>>> >
>>> >
>>> > digest_ldap_auth is a standard digest helper shipped with Squid since
>>> > some years back.. It's not Windows related.
>>> >
>>> > The use of digest requires access to either plaintext passwords or
>>> > specifically digest hashed password hashes in the LDAP directory. It can
>>> > not use simple LDAP authentication like squid_ldap_auth.
>>> >
>>> > Regards
>>> > Henrik
>>> >
>>
>
Received on Fri May 30 2008 - 13:51:09 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:05:14 MDT