Tom Strickland <[EMAIL PROTECTED]> wrote:
> I'm thinking of using wwwoffle as part of an application firewall in
> our network. Our server will run Linux kernel 2.4 and redirect all
> internet-destined port 80 traffic to port 8080.

I hope that you realise that not all internet web servers operate on
port 80. I presume that you will be blocking all other ports.

> The logging will allow
> us to check what's being browsed (not my decision, management) and
> authentication will ensure that only authorised staff have access to
> the Internet. Problem: passwords. I have a slight problem with
> passwords being stored in the clear on the server, but I can live with
> that.
> Are there any problems with introducing digest authentication or SSL for
> the authentication stage? Consider this a big feature request :-)

I think that the only problem is that, as far as I know, the only way
that browsers can authenticate with a proxy is using the HTTP/1.1
proxy authentication. This itself only works if the browser knows
that it is talking to a proxy (so re-directing packets won't work).
There are no ways that I know of to use digest or SSL authentication.

> I love the rest of wwwoffle, but it would be great if each user could
> have a single password for all systems. Similarly, PAM would be
> great.

I would not want to use the same password for proxy authentication as
I used for logging in. The proxy authentication is sent in plain
text, my login password is too valuable for that.
If you are not bothered by this then an AllowedConnectUsers option to
use a /etc/passwd file format would not be too difficult. I don't
know enough (anything) about PAM to know what that would involve.
--
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop [EMAIL PROTECTED]
http://www.gedanken.demon.co.uk/
WWWOFFLE users page:
http://www.gedanken.demon.co.uk/wwwoffle/version-2.6/user.html
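
Added example, not part of the original message or of WWWOFFLE: a small Python check that illustrates the two points in the reply above, namely that a proxy-aware request looks different from a redirected one, and that the proxy credential can be read back by anyone who sees the traffic. It assumes the Basic scheme is in use; the sample requests, the user name and the password are constructed.

```python
import base64

# Constructed sample requests (not captured traffic); user and password are made up.
_CRED = base64.b64encode(b"tom:s3cret").decode()
PROXY_AWARE = (
    "GET http://example.com/index.html HTTP/1.1\r\n"
    "Host: example.com\r\n"
    f"Proxy-Authorization: Basic {_CRED}\r\n\r\n"
)
INTERCEPTED = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: example.com\r\n\r\n"
)

def parse_request(raw):
    """Split a raw HTTP request into (method, target, headers dict)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def analyse(raw):
    """Report whether the client knew it was using a proxy and what its
    Proxy-Authorization header exposes to anyone who can read the traffic."""
    method, target, headers = parse_request(raw)
    # A proxy-aware client sends the absolute URI (or CONNECT host:port);
    # a client whose packets were redirected sends only the path.
    proxy_aware = method == "CONNECT" or "://" in target
    result = {"proxy_aware": proxy_aware, "scheme": None, "user": None, "password": None}
    auth = headers.get("proxy-authorization")
    if auth:
        scheme, _, param = auth.partition(" ")
        result["scheme"] = scheme
        if scheme.lower() == "basic":
            # Basic is base64 encoding, not encryption: decoding needs no key.
            decoded = base64.b64decode(param.strip()).decode("utf-8", "replace")
            result["user"], _, result["password"] = decoded.partition(":")
    return result

if __name__ == "__main__":
    for name, raw in (("proxy-aware", PROXY_AWARE), ("intercepted", INTERCEPTED)):
        print(name, analyse(raw))
```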