On 20/9/2011 4:53 μμ, Luis Daniel Lucio Quiroz wrote:
> ...
>
> There are 3 more way and you shall evaluate what fits the best for you.
> a) you may use Kerberos auth, many browsers suppor it right now.
> b) you may use NTLM2 auth, helper is available at samba package
> c) you may relay secure auth with radius+https, after auth sucessful
> with a browser that client ip shall surf
>
Thank you, Luis.
So, the solution with certificates would not work? I read about it here:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Client-Certificate-Authentication-td3353759.html
Now that I re-read it (cause it's long), I come to the conclusion that
certificate-authentication wouldn't/shouldn't work without SSL, so it
seems stunnel (for example, or other similar solutions as discussed on
that thread) would still be needed. Configuration details for
certificate-based authentication would still be interesting, if
available anywhere.
I guess I'll now try Squid with Kerberos auth...
Nick
This archive was generated by hypermail 2.2.0 : Wed Sep 21 2011 - 12:00:02 MDT