[squid-users] out-of-band authentication (like ident but better)

From: James Harper <james_at_ejbdigital.com.au>
Date: Tue, 2 Sep 2014 10:02:38 +0000

As I mentioned at the tail of another email, I'd like to see a better out-of-band authentication protocol than ident. Such a protocol would have:

. a single connection from squid over which all identification requests travel. Not one connection per request as with ident.
. two-way authentication (PSK or certificate)
. encryption (TLS)
. full connection description (src ip, src port, dst ip, dst port) so that interception proxy works (ident only exchanges port numbers)
. optional reverse connection (client connects to squid rather than squid connecting to client - only useful for a single proxy server but means no firewall exceptions on the client)
. probably still use port 113 (not that it really matters...)

Does such a thing exist already?

I can easily write a server for Windows, and probably for Linux, and the client side in squid wouldn't be too hard from what I can see.

Thanks

James
Received on Tue Sep 02 2014 - 10:03:02 MDT
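
An added illustration (not part of the original post) of the point about interception: an RFC 1413 ident query carries only the port pair, and the addresses are taken from the ident connection itself, so the proxy cannot name a connection whose destination is the origin server. The addresses, the connection table and `tuple_lookup` are constructed for this example; the four-field query is a hypothetical shape, not an existing protocol.

```python
from typing import NamedTuple, Optional

class Conn(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    user: str

# Constructed sample data (documentation address ranges), as seen on the client host.
CLIENT_IP, PROXY_IP, ORIGIN_IP = "192.0.2.10", "192.0.2.1", "198.51.100.80"
TABLE = [
    Conn(CLIENT_IP, 40001, PROXY_IP, 3128, "alice"),  # browser configured to use the proxy
    Conn(CLIENT_IP, 40002, ORIGIN_IP, 80, "bob"),     # intercepted: client addressed the origin
]

def ident_lookup(table, querier_ip: str, query: str) -> str:
    """Answer an RFC 1413 query '<port-on-server> , <port-on-client>'.

    Only ports are sent; the addresses are those of the ident connection,
    so the remote end of the connection must be the querier itself.
    """
    try:
        local, remote = (int(p.strip()) for p in query.split(","))
    except ValueError:
        return "0, 0 : ERROR : INVALID-PORT"
    if not (0 < local < 65536 and 0 < remote < 65536):
        return f"{local}, {remote} : ERROR : INVALID-PORT"
    for c in table:
        if (c.src_port, c.dst_port, c.dst_ip) == (local, remote, querier_ip):
            return f"{local}, {remote} : USERID : UNIX : {c.user}"
    return f"{local}, {remote} : ERROR : NO-USER"

def tuple_lookup(table, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[str]:
    """Hypothetical full-tuple query: every field is explicit, none is implied."""
    for c in table:
        if c[:4] == (src_ip, src_port, dst_ip, dst_port):
            return c.user
    return None

if __name__ == "__main__":
    print(ident_lookup(TABLE, PROXY_IP, "40001, 3128"))         # explicit proxy: resolves
    print(ident_lookup(TABLE, PROXY_IP, "40002, 80"))           # intercepted: no match
    print(tuple_lookup(TABLE, CLIENT_IP, 40002, ORIGIN_IP, 80))  # full tuple: resolves
```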
