On Mon, 13 Oct 2003, Ilya wrote: > Firstly, not all browsers (at least not all versions of them) > support digest authentication. > Secondly, not all downloaders support digest authentication. > Thirdly, i am to organize authentication using LDAP server, > where all users have their accounts. But digest authentication > needs cleartext passwords.
Sorry, but the proxy can do not better than the clients used for connecting to the proxy. If your clients does not support secure authentication methods then there is not much the proxy can do about this. Integration with LDAP is a problem indeed. Secure authentication shemes tend to require access to a per-user secret, and there is no standard in how this is to be done.. Another alternative is to try to convince the browsers to SSL encrypt the communication to the proxy. Unfortunately I do not know of a single browser which support SSL encrypted proxy connections. However, if you manage to convince the browser to do so then all you need is already available in Squid via the https_port. A third but not very interesting alternaitve is out-of-band authentication, for example using an SSL server where the user authenticates and this authorizes his IP address to access the proxy for some time.. Regards Henrik
