Re: [squid-users] squid_ldap_auth and passwords in clear text

From: Matias Chris <lists_at_matiaschris.com.ar>
Date: Thu, 27 Nov 2008 15:30:17 -0200

Henrik,

I have tried LDAP authentication in the past and stop using it becouse
of the passwords being sent in clear text. I read about TLS but then I
would need my DC to be a CA and that is not feasible at the moment. So
Im testing NTLMSSP now, but is not being very stable and also read
that is not recommended for networks with more than 200 users.

Is this the end of the road? Is there any other method Im missing to
authenticate users against AD?Transparently?

Thanks,

On Tue, Nov 18, 2008 at 6:59 AM, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> On fre, 2008-11-14 at 10:31 -0600, Johnson, S wrote:
>
>> I just got the squid_ldap_auth working ok on my segment but when
>> watching the protocol analyzer I see that the auth requests against the
>> AD are coming in as clear text passwords. Is there anyway we can
>> encrypt the ldap domain requests?
>
> By AD do you refer to Microsoft AD? In such case use NTLM authentication
> instead of LDAP.
>
> You can also TLS encrypt the LDAP communication, but this does not
> protect the credentials sent by browsers to Squid, just the
> communication squid->LDAP.
>
> Regards
> Henrik
>
>
>
Received on Thu Nov 27 2008 - 17:30:21 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 28 2008 - 12:00:04 MST