On ma, 04 maalis 2019, Edward Valley via FreeIPA-users wrote:
Thanks for your answer. Doing it the way you propose, squid uses basic authentication, which exposes user names and passwords in the network because of the simple base64 encoding.
Just set up your clients to use HTTPS proxy connection in the browser.
https://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection talks about it. Both Chrome-based browsers and Firefox do work just fine with HTTPS connection to the proxy for years now. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org