[squid-users] Tutorial for better authentication than basic

j m acctforjunk at yahoo.com
Thu May 4 11:14:18 UTC 2017


Wow, this only showed up in my email yesterday.  I blame Yahoo.
I did respond earlier basically saying I would need to connect from different IPs.

      From: Eliezer Croitoru <eliezer at ngtech.co.il>
 To: 'j m' <acctforjunk at yahoo.com>; squid-users at lists.squid-cache.org 
 Sent: Wednesday, May 3, 2017 6:37 PM
 Subject: RE: [squid-users] Tutorial for better authentication than basic
   
There is another option if you don't have any issue to allow a certain public IP address access to your network you can use some kind of portal which will allow based on a SSL(even with self signed certificate) the "session" access to the service.

If it sounds fine let me know and I will prepare and example.

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il


From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of j m
Sent: Tuesday, May 2, 2017 12:05 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Tutorial for better authentication than basic

Wow, I didn't find that one.  Not super secure, but better than clear text and I'm not too worried about someone sniffing my packets.
________________________________________
From: Eliezer Croitoru <mailto:eliezer at ngtech.co.il>
To: 'j m' <mailto:acctforjunk at yahoo.com>; mailto:squid-users at lists.squid-cache.org 
Sent: Monday, May 1, 2017 3:30 PM
Subject: RE: [squid-users] Tutorial for better authentication than basic

And what about digest authentication?

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: mailto:eliezer at ngtech.co.il

From: squid-users [mailto:mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of j m
Sent: Monday, May 1, 2017 4:18 PM
To: mailto:squid-users at lists.squid-cache.org
Subject: [squid-users] Tutorial for better authentication than basic

I'm using Ubuntu 16.04 Server in the home and would like to set up a proxy server for use from over the Internet.  The main purpose for this is to easily access a few web-devices on my LAN without using VPN, and at times to route web traffic from a remote location through my home ISP.  I do not need nor want any caching or filtering.

I previously used Tinyproxy and that did the job, but it had no authentication whatsoever.  I have basic authentication working on squid 3.5, where it asks for the username and password, but I believe this login is sent in clear text.  I've did some research and found squid supports various better methods, such as kerberos, ntlm, smb, etc.  However, while I'm able to install Linux and set up various things, I'm struggling with this authentication aspect.  I have a suspicion some of these methods will not work well because they rely on other services (such as SMB) and may require opening more ports on my router, something I'm not crazy about.

Amos previously suggested client cert auth, but I'm not sure how to set this up.  Are there any other secure auth methods that would work well over the Internet and are fairly simple to configure?

In any case, can anyone point me to an online tutorial somewhere (for a authentication newbie) that outlines how this is done?



   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170504/f199b272/attachment-0001.html>


More information about the squid-users mailing list