Hi all, So I found this post from Henrik Nordstrom: http://www.squid-cache.org/mail-archive/squid-users/200212/0005.html and I quote: "On what format is the passwords stored in your LDAP directory? Plain text or encrypted? If plain text then it is possible writing a secure channel between Squid and your LDAP server to allow Digest authentication to work. If the password is stored in your LDAP directory using SSHA or another strong hashing scheme then integration of Digest authentication is not mathematically possible."
Basically I don't want the auth information (login+password) flying around in cleartext. So my options come down to using digest auth or SSL connection to proxy. But after reading the post above I don't think I can use digest auth because I don't want passwords to be stored (in LDAP) in cleartext either, and I don't know if there are any browsers out there that talks SSL to proxy for non-SSL proxied requests, even if there is one I don't think my users would be very happy if we force them to use just one particular brand of browser, but if there is any I'd like to know anyway. Is there any other alternative for secure auth? Any suggestions? Surely there must be some people here that are using LDAP auth, what do you do in this case? Do you just leave it cleartext? Thank you in advance for your time and attention. Ronny
pgpgWGkz5q2tO.pgp
Description: PGP signature
