> From: Henrik Nordstrom [SMTP:hno@hem.passagen.se]
>
> Nick Sparkes wrote:
>
> > Ideally I would like to integrate the authentication with NDS,
>
> Username+password authentication can be used if you can find a program
> that can validate the username+password pair. I know nothing about how
> to validate NDS passwords, but I assume it is doable somehow or it would
> be a rather useless authentication directory.
>
If NDS is Netware Directory Services, Netware have used challenge
response password systems since before NDS. However, I don't think
squid is able to pass a challenge through to the browser, and
browsers don't, in general, know how to handle the Netware
authentication protocol, do any use of NDS passwords is likely
to involve a clear text exchange between the browser and the
proxy, severely compromising the security features
in the Netware protocol.
The policy in this situation may well be to *not* use the Netware
password for proxy access, or to have a completely different set of
Netware passwords for this purpose from those intended for use to
access
the file servers.
Received on Thu Sep 23 1999 - 07:38:51 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:32 MST