Dear Community,
I successfully set up a LDAP authentication between squid and a windows 2008 server domain controller. The following problem exists:
# Users are able to use http and https. When they are not explicitly enter https://<url> the http protocol will be used
# Because the auth is basic_ldap_auth all passwords are then transmitted in clear text.
I thought of the two solutions because of that challange:
# Redirect auth traffic (or all traffic) from HTTP to HTTPs, I did a lot of internet research abou this but did not find any solution
# I read a hint on http://serverfault.com/questions/151672/the-story-of-secure-user-authentication-in-squid that you should be able to mix digest and auth programs, but this does not work, obviously because the squid server is (fortunetely) not able to reverse the MD5 string it get's from the client to clear text passwords
Any help is highly appreciated.
Best regards!
Received on Fri Jan 25 2013 - 06:41:01 MST
This archive was generated by hypermail 2.2.0 : Fri Jan 25 2013 - 12:00:05 MST