I've been using squid_ldap_auth (Squid 2.7, SLES 11) for basic authentication,
and it wasn't terribly difficult to set up. What concerns me is the passing of
credentials from the browser to Squid in plain text. When we use basic
authentication anywhere else, the web site usually requires HTTPS. I'm not
seeing an easy way to do that with Squid.
We have a full Active Directory environment, and everyone using Squid has a
domain account. Our users use a combination of Firefox 3.x, IE, and Safari.
What options are there for using authentication with Squid while also ensuring
the credentials passed between the browser and Squid are encrypted? The stunnel
approach would not be an option for us.
TIA!
David Boyer
Senior Network Administrator
Buena Vista University
610 W. 4th St.
Storm Lake, IA 50588
712-749-2358 (voice/fax)
[email protected]
