In my university case, using a digest password is unacceptible because it will
break compability with other system. And also it will allow the sys-admin to
know the user's password.
So what we do, is we make a simple web-login (https) and combined it with
iptables.
Quoting Paolo Biancolli <PAOLO.BIANCOLLI@wits.ac.za>:
> HI,
>
> I am also intersted in securing passwords using ldap. Where can I find
> this helper? I am using squid 2.5 on linux 2.4.
>
> Can I also use ntlm auth (I mean is it secure enough) against a
> Microsoft AD?
>
>
> Paolo Biancolli
>
>
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> Sent: 06 April 2006 01:37 AM
> To: Melanie Pfefer
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] plugin to secure authentication
>
> ons 2006-04-05 klockan 12:23 +0100 skrev Melanie Pfefer:
>
>> I am looking for a third party plug-in to secure ldap based
>> authentication between browser and proxy.
>> Can you please assist?
>
> digest authentication.
>
> There is a digest LDAP based helper in the Squid-3 tree (this helper
> also works with 2.5). Due to the security aspects of the
> browser<->squid authentication the helper requires it's own "digest"
> password hash stored in the LDAP tree or access to plain text passwords.
>
>
> In theory another possible route would be to SSL encrypt the
> browser<->squid traffic, but this isn't supported by any browsers on the
> market (neither free or proprietary) and thus requires an SSL wrapper
> such as stunnel on each client station..
>
> Regards
> Henrik
>
Received on Thu Apr 06 2006 - 01:37:44 MDT
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT