Squid Authentication - BSD

This is a discussion on Squid Authentication - BSD ; Hi I was wandering if any one had a good howto setup squid with authentication. I have tried to use the htpasswd from the squid site but the program keeps crashing. Thanks Zen...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Squid Authentication

  1. Squid Authentication

    Hi

    I was wandering if any one had a good howto setup squid with
    authentication. I have tried to use the htpasswd from the squid site
    but the program keeps crashing.

    Thanks

    Zen

  2. Re: Squid Authentication

    zen8061@zen.co.uk wrote:
    > Hi
    >
    > I was wandering if any one had a good howto setup squid with
    > authentication. I have tried to use the htpasswd from the squid site
    > but the program keeps crashing.
    >
    > Thanks
    >
    > Zen


    I would suggest against authentication (versus just submitting username)

    At work, we have to authenticate, and I see that as a gaping security
    hole -- you're sending your logon information (including password)
    through the wire for authentication. Sending username alone, isn't that
    security problem.

    I can't help with any tips specifically to do either one, I thought I
    would offer my thought on authenticating proxies.

    Good Luck

  3. Re: Squid Authentication

    zen8061@zen.co.uk wrote:
    > Hi
    >
    > I was wandering if any one had a good howto setup squid with
    > authentication. I have tried to use the htpasswd from the squid site
    > but the program keeps crashing.
    >


    I've never had any problems with squid and authentication.
    What version of squid are you using?

    Peter
    --
    http://www.boosten.org

    Mail: peter at boosten dot org

  4. Re: Squid Authentication

    Tim Judd wrote:
    > zen8061@zen.co.uk wrote:
    >
    > I would suggest against authentication (versus just submitting username)
    >
    > At work, we have to authenticate, and I see that as a gaping security
    > hole -- you're sending your logon information (including password)
    > through the wire for authentication. Sending username alone, isn't that
    > security problem.
    >


    I would consider the possibility to sniff your network a larger
    security hole then. As long as you don't use the same password for
    your network login, no real problem (we use basic authentication at
    our company to authenticate ~ 20000 users). Since squid logs client
    IP addresses, abuse/misuse can be investigated.

    Peter
    --
    http://www.boosten.org

    Mail: peter at boosten dot org

  5. Re: Squid Authentication

    Peter Boosten wrote:
    > Tim Judd wrote:
    >> zen8061@zen.co.uk wrote:
    >>
    >> I would suggest against authentication (versus just submitting username)
    >>
    >> At work, we have to authenticate, and I see that as a gaping security
    >> hole -- you're sending your logon information (including password)
    >> through the wire for authentication. Sending username alone, isn't that
    >> security problem.
    >>

    >
    > I would consider the possibility to sniff your network a larger
    > security hole then. As long as you don't use the same password for
    > your network login, no real problem (we use basic authentication at
    > our company to authenticate ~ 20000 users). Since squid logs client
    > IP addresses, abuse/misuse can be investigated.
    >
    > Peter


    It's all based of an LDAP backend on the 9 servers that process (windows
    OS) user logons. The windows logon is IDENTICAL to the authentication
    on the squid proxy servers.

    People there won't listen to me when it's about security, and the one
    who manages the systems doesn't seem to give a living s**t about it.
    He's got a job, that's all he cares about.

    Long story short, it's a hellhole working there, and I won't stand for it.

+ Reply to Thread