Re: Proxy Auth

2003-03-21T10:14:53 pablo gietz:
> Do you know how to encrypt the proces of authentication betwen the

As far as I can see, no. This would be a good question for a squid-specific list, though.

What _ought_ to work is to enable https in squid (I don't see any support for that) or equally run a stunnel (preferably in transproxy mode, so squid can still see the real originating IPs) as a front end; then configure the browser to use https://url.of.squid:3128/ as the proxy. Problem is, I don't think this is actually supported.

> We like to use the same login name and password for NT and squid,

Exactly right. You've got two choices that I know of; either force people to use separate passwords for your squid, so their exposure doesn't do as much damage, or else craft the net between your users and your squid so you aren't so worried about sniffing. Well-monitored switches can be a help. Give everyone a separate switch port, and span every switch to an IDS set up to report attempts to whap its cam table.

-Bennett

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek