Re: Redhat 6.0 cachemgr.cgi lameness

From: Henrik Nordstrom (hnoat_private)
Date: Fri Jul 30 1999 - 14:48:25 PDT


Peter Boutzev wrote:

> I did not find any information about using an encrypted manager password in
> squid.conf.

Yes, the cachemgr_passwd directive is lame and not very secure. However,
most proxy servers should be isolated from the users and not allow
interactive logons (other than possibly the cache manager using SSH for
maintaining the server), so if people are able to get to the point
where they may read Squid's configuration file then you probably are in
deep shit anyway.

A more secure way to protect the cachemgr functions than the
cachemgr_passwd directive is with Squid's access list controls. This
method allows you to control access on a per-user basis, with passwords
stored in almost any source (implementations exist for NCSA style
password files, LDAP, PAM, Unix, and a lot more).

--
Henrik Nordström
Squid developer
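The ACL-based approach described above, written out as a squid.conf fragment. This is an added example, not part of Henrik's post or of Squid's own documentation; it assumes Squid 3.2 or later (which has a builtin `manager` ACL), the NCSA basic-auth helper shipped with Squid, and placeholder user names, file paths and an admin network that you would replace with your own.

```squid
# Constructed example: gate the cache manager on per-user authentication
# and source network via http_access, instead of the shared cachemgr_passwd.
# Paths, user names and the admin subnet are placeholders (assumptions).

# Basic auth against an htpasswd-style file holding only administrator
# accounts; the hashed passwords live in that file, not in squid.conf.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/cachemgr.htpasswd
auth_param basic realm Squid cache manager
auth_param basic credentialsttl 2 hours

# Who may use the cache manager, and from where (both must match).
acl cachemgr_admins proxy_auth henrik alice
acl admin_net src 192.0.2.0/24

# Order matters: these two lines go before the general http_access rules.
# An unauthenticated request from admin_net gets a 407 challenge; anything
# else that targets the manager is denied outright.
http_access allow manager cachemgr_admins admin_net
http_access deny manager

# Hand the access decision entirely to the rules above: with "none", the
# manager no longer asks for its own per-action password.
cachemgr_passwd none all
```

Users who are not in cachemgr.htpasswd never reach the manager, and each admin's access can be revoked individually by removing their entry or their name from the proxy_auth ACL.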
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:30 PDT