Cache_peer login password encryption

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Cache_peer login password encryption

Hariharan Sethuraman
Hi,

How do I encrypt the password in squid.conf in cache_peer config?

Thanks,
Hari

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Cache_peer login password encryption

Amos Jeffries
Administrator
On 28/08/18 4:32 PM, Hariharan Sethuraman wrote:
> Hi,
>
> How do I encrypt the password in squid.conf in cache_peer config?
>

Why? the only passwords you put into squid.conf directly are for Basic
authentication which gets sent in plain text over the network. So there
is no point encrypting for the config file.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Cache_peer login password encryption

Amos Jeffries
Administrator
On 28/08/18 11:52 PM, Hariharan Sethuraman wrote:
> Thanks Amos, let me explain my understanding. Please correct if wrong.
> The parent proxy (that is configured in cache_peer) does a basic
> authentication with the squid which will be transferred in plain text
> even if communication with cache_peer is going to be https based. Correct?
>

You mean the connection to the peer uses TLS ?
 In that case the encryption is taken care of by the TLS layer. The
proxy and its peer are still talking regular HTTP over that connection.

The Basic auth password still needs to be unencrypted for Squid to
generate the correct HTTP message headers for the peer.

If you need secure passwords use Kerberos (Negotiate auth) between the
peers.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users