On Friday 11 July 2003 03.16, Norman Zhang wrote: > Please excuse my ignorance. Would passwords be passed in clear text > using basic auth?
Yes. > Is there an authentication scheme that works > without clear text. Neither NTLM or Digest passes passwords over the wire. Of the two Digest is preferred as it is a standard HTTP authentication protocol without the design errors of NTLM and also provides a higher level of protection for the users passwords. You probably want to use Squid-2.5.STABLE3 or later however, and not all browsers support Digest yet (most mainstream browsers does). Both requires special password databases: local text file in case of Digest, a NT Domain in case of NTLM. Squid never gets the users password at all in these methods and thus can not integrate with normal password databases requiring the actual password like done in the basic scheme. Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]