Squid authentication encryption
Solution 1:
You could use HTTP Digest authentication with squid. This way the passwords would not be passed clear-text. This is quite easy to configure, no certificated needed, little overhead. I have successfully used it for some time in a small company.
There are some problems with this approach, though:
- Many HTTP clients have digest authentication implementation broken.
- You will probably not be able to use your current ('encrypted') password database.
Solution 2:
See http://squid-web-proxy-cache.1019090.n4.nabble.com/Simple-Kerberos-Squid-configuration-received-type-1-NTLM-token-td2553379.html#a2553379.
Using SSO (Kerberos) with Firefox as client (on a Windows Xp client and Linux server with Kerberos and no AD and no LDAP if not needed) is a solution.
Solution 3:
You can create an ACL using the user_cert ACL Type in squid.conf.
acl ssl_authentication user_cert somecertattributevalue
Then create filters using that ACL.
http_access deny all
http_access allow ssl_authentication