fre 2006-09-01 klockan 15:04 -0700 skrev Zaki Akhmad:
> On 9/1/06, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> >
> > Yes, but browses only support this when using Squid as reverse proxy
> > infront of your web servers, not when using it as an Internet proxy.
> >
> > Squid doesn't use LDAP to verify the client certificate. Instead normal
> > X509 CA based chain of trust is used.
>
> Hai Henrik, thank you for your attention. Is there any hint how to
> modify the squid.conf? So that the squid can access the certificate
> from the LDAP server. Such as
>
> auth_param basic program ... -x -D "(cn=username)" certificateFile; ....
Squid just doesn't do this.
But in theory you should be able to write an external acl helper to
verify the certificate against LDAP after the connection has been
accepted by Squid.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:03 MDT