FW: NTLM forwarding in 2.6 ?

From: Baumgaertel, Oliver <oliver.baumgaertel@dont-contact.us>
Date: Wed, 17 May 2006 07:51:38 +0200

 

Yes, users may have to pass through up to 2 proxies before reaching the
one doing the NTLM authentication. Their clients are configured to
actually use those proxies; the only allowed auth method is NTLM, besides
the currently used IP-based one, which is to be disabled in the
foreseeable future.

Most restraints we have here are based on (sometimes ridiculous) company
rules we have to abide by. So the fact that even a guy in China has to be
authenticated in the main farm can't be changed. - sigh -

-----Original Message-----
From: Adrian Chadd [mailto:adrian@creative.net.au]
Sent: Tuesday, 16 May 2006 17:34
To: Baumgaertel, Oliver
Cc: Adrian Chadd; squid-dev@squid-cache.org
Subject: Re: NTLM forwarding in 2.6 ?

I'm still not sure what you mean; do you mean clients will speak NTLM to
the intranet server but have squid configured as a web proxy?

Adrian

On Tue, May 16, 2006, Baumgaertel, Oliver wrote:
>
>
> We have several layers of Proxies:
>
> User -> Region -> Region -> inner farm -|Firewall|-> DMZ farm
> -|Firewall|-> Internet
> User -----------> Region ->
> User --------------------->
>
> We do all our authentication/authorisation and filtering based on
> user/group in the inner farm. Currently we mainly do authentication
> based on the IP address(-range) (around 95%) and only very few users are
> authenticated via NTLM. However, we are under orders to change that in
> the foreseeable future to pure NTLM. So that'll be for Proxy
> authentication, server NTLM is only done within the intranet itself and
> that's taken care of in the proxy settings of the clients.
>
> BlueCoats for example allow such a scenario with a thing called "NTLM
> forwarding". As far as I am aware that's not possible with Squid right
> now. So I wonder if that'll be part of the upcoming Stable 2.6/3 as
> we've to start planning for the necessary changes rather soon.
Received on Wed May 17 2006 - 00:27:07 MDT
