On Thu, 23 Sep 2004, Alex Sharaz wrote:
Still, I'll have a play and see what we can do. It would be better if there was some way of not having to install something on the client.
There is, but as already noted in this thread when combining different authentication systems the end result is the most common denominator of all the systems involved. Since you need to use a radius backend the proxy needs to have the password in plain text and this limits authentication to plain text as none of the more secure challenge-response based schemes can be used.
The only way available to protect plain text is by encryption, but to use encryption both endpoints needs to support the use of encryption. Without encryption support at the client endpoint it is a bit hard..
Some Radius servers support Digest authentication, but unfortunately not exacly the type used by HTTP authentication and in addition the Digest authenticator interface of Squid can not make use of this (yet)..
Regards Henrik
