Re: Proxy Authentication

From: Bertold Kolics <bertold@dont-contact.us>
Date: Mon, 28 Feb 2000 10:38:59 +0100 (MET)

Dean,

> I've finally got squid talking to a NetWare 5 LDAP server (server is
> using SSL). I can only get it to work if the "use clear text
> passwords" option is turned on.

Squid's LDAP authenticator module cannot currently speak LDAP over
TLS/SSL.

> What effect will this have on security? How is the password transmitted
> from the browser to squid and then on to the LDAP server?
>
> What routines does the password go through to get validated?
>
> I used a packet sniffer to examine the packet and could see the words
> proxy authentication basic and then a crypted word. I assume this was
> the username+password.

Squid can only perform 'Basic' authentication. And that is why clients
(browsers) authenticate to use the proxy service of Squid using Basic
authentication (for more info, see RFC2617). Basic authentication sends
the username and the password separated by a ':' and this string is
encoded in BASE64. And this is not secure at all.

Bertold

-- 
Kolics, Bertold * MTA SzTAKI * Phone: +36 14665644 ext. 163
WWW:http://www.sztaki.hu/~bertold/ * Fax: +36 14667503
Received on Mon Feb 28 2000 - 02:49:28 MST
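
What the sniffer capture described above contains, as an added example that is not part of the original message: the "crypted word" after `Basic` is plain Base64 and reverses without any key. The sample request is constructed, using the example credentials from RFC 2617, and the function name is hypothetical.

```python
import base64
import binascii

# Constructed sample: a proxied request as it would appear in a packet capture.
# The token is the RFC 2617 example ("Aladdin" / "open sesame").
SAMPLE_REQUEST = (
    "GET http://www.example.com/ HTTP/1.0\r\n"
    "Host: www.example.com\r\n"
    "Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==\r\n"
    "\r\n"
)


def proxy_basic_credentials(raw_request):
    """Return (username, password) carried in a Basic Proxy-Authorization
    header, or None if the header is absent, malformed or not Basic."""
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if not line:
            break  # blank line: end of headers
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "proxy-authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None  # another scheme; nothing to Base64-decode
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            return None  # not valid Base64
        # Only the first ':' separates the fields; a password may contain ':'.
        user, sep, password = decoded.decode("latin-1").partition(":")
        return (user, password) if sep else None
    return None


if __name__ == "__main__":
    # Anyone on the path between browser and proxy can do the same.
    print(proxy_basic_credentials(SAMPLE_REQUEST))
```

Because the encoding is reversible by anyone who sees the header, the credentials are only as protected as the network path between the browser and the proxy.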
