From owner-freebsd-isp Mon Mar 13 21:34:25 2000 Delivered-To: freebsd-isp@freebsd.org Received: from ns.internet.dk (ns.internet.dk [194.19.140.1]) by hub.freebsd.org (Postfix) with ESMTP id 123F937B532 for ; Mon, 13 Mar 2000 21:34:14 -0800 (PST) (envelope-from leifn@neland.dk) Received: (from uucp@localhost) by ns.internet.dk (8.9.2/8.9.3) with UUCP id GAA02186 for freebsd-isp@FreeBSD.ORG; Tue, 14 Mar 2000 06:34:09 +0100 (CET) (envelope-from leifn@neland.dk) Received: from gina (gina.neland.dk [192.168.0.14]) by arnold.neland.dk (8.9.3/8.9.3) with SMTP id AAA46212 for ; Tue, 14 Mar 2000 00:21:57 +0100 (CET) (envelope-from leifn@neland.dk) Message-ID: <010f01bf8d42$efda91e0$0e00a8c0@neland.dk> Reply-To: "Leif Neland" From: "Leif Neland" To: Subject: Is passwords send to auth webpages secure? Date: Tue, 14 Mar 2000 00:13:00 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have set a squid proxy to use samba_auth (When somebody is trying to = use the proxyserver, they are presented with a normal browser-popup, and = are prompted for a login/password. This is their NT-login/passwd, and if = they are allowed to read a file on the NT with this login/pwd, they are = granted access to the squid proxy). Now I have been asked if the passwords from browser to squid is sent in = cleartext, so it can be sniffed? If so, this is an argument to get swiches instead of hubs... Leif To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message