Home / server / Questions / 106846
Accepted
user28362
Asked: 2010-01-28 07:47:05 +0800 CST

Squid authentication encryption

  • 772

I use Squid and the users must authenticate. The users are authenticating in cleartext. I found tutorials about stunnel (http://www.jeffyestrumskas.com/?page_id=3), but the clients also need this software.

Is there no possibility that for user authentication SSL (or some other encryption technology) can be used?.

Thanks.

squid ssl

3 Answers

  1. You could use HTTP Digest authentication with squid. This way the passwords would not be passed clear-text. This is quite easy to configure, no certificated needed, little overhead. I have successfully used it for some time in a small company.

    There are some problems with this approach, though:

    • Many HTTP clients have digest authentication implementation broken.
    • You will probably not be able to use your current ('encrypted') password database.
    • 2
  2. Best Answer

    See http://squid-web-proxy-cache.1019090.n4.nabble.com/Simple-Kerberos-Squid-configuration-received-type-1-NTLM-token-td2553379.html#a2553379.

    Using SSO (Kerberos) with Firefox as client (on a Windows Xp client and Linux server with Kerberos and no AD and no LDAP if not needed) is a solution.

    • 2

  3. You can create an ACL using the user_cert ACL Type in squid.conf.

    acl ssl_authentication user_cert somecertattributevalue

    Then create filters using that ACL.

    http_access deny all
http_access allow ssl_authentication
    • 1