On Tue, 20 Sep 2011 22:15:29 +0300, Nikolaos Milas wrote:
> On 20/9/2011 4:53 μμ, Luis Daniel Lucio Quiroz wrote:
>
>> ...
>>
>> There are 3 more way and you shall evaluate what fits the best for
>> you.
>> a) you may use Kerberos auth, many browsers suppor it right now.
>> b) you may use NTLM2 auth, helper is available at samba package
>> c) you may relay secure auth with radius+https, after auth sucessful
>> with a browser that client ip shall surf
>>
>
> Thank you, Luis.
>
> So, the solution with certificates would not work? I read about it
> here:
>
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Client-Certificate-Authentication-td3353759.html
>
> Now that I re-read it (cause it's long), I come to the conclusion
> that certificate-authentication wouldn't/shouldn't work without SSL,
> so it seems stunnel (for example, or other similar solutions as
> discussed on that thread) would still be needed. Configuration
> details
> for certificate-based authentication would still be interesting, if
> available anywhere.
Correct. The certificate is itself the secure "token" equivalent of
password. SSL handshake is the auth process.
In theory HTTP can support a certificate based auth scheme. However
nobody has yet written any specifications describing one so no software
support for it outside of SSL/TLS interactions.
>
> I guess I'll now try Squid with Kerberos auth...
>
> Nick
Amos
Received on Wed Sep 21 2011 - 02:21:55 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 21 2011 - 12:00:02 MDT