>Squid has what is required for using SSL between the browser
>and
>Squid, but there is no known browsers who can access proxies
>using
>SSL so this is currently of limite use to where Squid is
>running as
>an https:// server accelerator.
>
>One approach is to sponsor the Squid and OpenLDAP (or maybe
>Cyrus
>SALS) projects to allow for Squid integration of Digest
>authentication to OpenLDAP servers.
>
>On what format is the passwords stored in your LDAP
>directory? Plain
>text or encrypted? If plain text then it is possible writing
>a secure
>channel between Squid and your LDAP server to allow Digest
>authentication to work.
>
>If the password is stored in your LDAP directory using SSHA
>or another
>strong hashing scheme then integration of Digest
>authentication is
>not mathematically possible.
Thanks for answer.
OK, let`s assume that we have plain text passwords in our LDAP
directory. (We have some server just for experiments :))
>If plain text then it is possible writing a secure
>channel between Squid and your LDAP server to allow Digest
>authentication to work.
What do you mean? Yes, it is possible to organize the SSL
connection between squid & LDAP. But how can I make squid to
take passwords from LDAP, not .../etc/digpass, not from the
file on local host? What should I rewrite?
And one more. What browser/version support Digest auth. I
tried with Netscape 4.78 and failed. But succeded with Mozilla
1.0 :)
Thanks.
Ilya
Received on Sun Dec 01 2002 - 06:46:03 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:47 MST