[squid-users] One Time Password with squid, exists?

Amos Jeffries squid3 at treenet.co.nz
Thu Mar 12 02:01:33 UTC 2015


On 12/03/2015 2:50 p.m., Eliezer Croitoru wrote:
> Hey List,
> 
> I was wondering about if OTP was ever implemented officially with squid?

To answer that you need to define OTP.

* Basic is the only scheme which delivers a password. So technically the
others are all one-use-password schemes already.

* Digest with nonce count 1 is a one-time-token scheme at the message level.

* Negotiate and NTLM are one-time-token schemes at the TCP connection level.

* Basic auth can be one-time-token but requires supporting logic to be
implemented in the clients, server, and a token asignment mechanism. Its
easier to just use Digest in most cases.

Amos



More information about the squid-users mailing list