[squid-users] Tutorial for better authentication than basic

[j m]

I'm using Ubuntu 16.04 Server in the home and would like to set up a proxy server for use from over the Internet.  The main purpose for this is to easily access a few web-devices on my LAN without using VPN, and at times to route web traffic from a remote location through my home ISP.  I do not need nor want any caching or filtering.
I previously used Tinyproxy and that did the job, but it had no authentication whatsoever.  I have basic authentication working on squid 3.5, where it asks for the username and password, but I believe this login is sent in clear text.  I've did some research and found squid supports various better methods, such as kerberos, ntlm, smb, etc.  However, while I'm able to install Linux and set up various things, I'm struggling with this authentication aspect.  I have a suspicion some of these methods will not work well because they rely on other services (such as SMB) and may require opening more ports on my router, something I'm not crazy about.
Amos previously suggested client cert auth, but I'm not sure how to set this up.  Are there any other secure auth methods that would work well over the Internet and are fairly simple to configure?
In any case, can anyone point me to an online tutorial somewhere (for a authentication newbie) that outlines how this is done?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170501/72dbf1e1/attachment.html>