RE: [squid-users] plugin to secure authentication

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 06 Apr 2006 13:49:18 +0200

tor 2006-04-06 klockan 14:37 +0700 skrev Arianto C Nugroho:
> In my university case, using a digest password is unacceptible because it will
> break compability with other system. And also it will allow the sys-admin to
> know the user's password.

If your user directory is a good one it should be possible to extend the
password storage to additionally store a Digest password hash solving
the above problems.

> So what we do, is we make a simple web-login (https) and combined it with
> iptables.

Please note that this is limited to single-user clients only. If there
is multi-user station (such as UNIX servers, Windows Terminal Server
etc) then this IP based scheme will obviously fail.

If you have multi-user stations, child proxies, internal NAT devices or
other situations where multiple users will come to your cache from the
same IP then the above scheme will not work very well as it sees them
all as the same user (the first one who logged in).

Regards
Henrik

Received on Thu Apr 06 2006 - 05:49:29 MDT

This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT