I have squid 2.5 working with ldap authentication in a test environment. If I
understand correctly what I have read in FAQ 23.1 when the username/password pair is
passed from the user's browser to squid it is unencrypted and hence at risk of
interception. To protect against this we are considering using SSL. My question about
this is: Am I right in thinking that there is no way to encrypt just the
username/password pair and that we will have to encrypt all traffic to squid to
prevent the password details being read.
Thanks
Rick Barns
