RE: [squid-users] No Autologin, 407 Proxy Authentication Required

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Fri, 05 Aug 2005 13:59:02 +0200

Hi,

At 22.17 04/08/2005, Brian E. Conklin wrote:

>AD is merely an LDAP storage container. Microsoft's authorization schemes
>still continue to use NTLM. Currently it is actually NTLMv2 which uses
>Kerberos 5 technology.

Sorry, but this is not correct.

NTLMv1 and NTLMv2 are authentication protocols based on Windows NT 4
domains, that can provide a "transparent" Browser authentication.
Take a look here for more technical details:
http://davenport.sourceforge.net/ntlm.html

Kerberos is available starting from Windows 2000 domains based on
Active Directory directory service.
Authentication against Active Directory can be done using NTLMv1,
NTLMv2, Kerberos or LDAP.

The current Squid stable version can use the following protocols:

- LDAP against AD domains with the built-in ldap_auth authenticator, but
only with the basic authentication scheme, which requires the browser's
Username/Password Pop-Up.
- NTLMv1 against NT 4 and AD domains with the built-in winbind and
Samba's ntlm_auth authenticators.
- NTLMv2 against NT 4 and AD domains can be used only with Samba's
ntlm_auth authenticators.

Kerberos should be available in Squid 3.0, with the implementation of
the generic SPNEGO authentication protocol.

Full NTLMv1/v2 support is also available in the Windows native port of Squid.

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Fri Aug 05 2005 - 05:59:36 MDT
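
An added example, not part of the original message: a small classifier for the Proxy-Authenticate / Proxy-Authorization values seen during the 407 exchange. It tells Basic from NTLM and, for an NTLM Type 3 message, NTLMv1 from NTLMv2 by the length of the NT response. Field offsets follow the NTLM description linked in the message; the function names and the sample messages are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def secbuf(msg, pos):
    """Return the bytes a security buffer (length, allocated, offset) points to."""
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def classify_auth(header_value):
    """Classify a Proxy-Authenticate / Proxy-Authorization header value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        return "basic" if scheme.upper() == "BASIC" else "other"
    if not token:
        return "ntlm-offer"            # bare "NTLM" sent with the 407
    try:
        msg = base64.b64decode(token, validate=True)
        if not msg.startswith(SIGNATURE):
            return "malformed"
        (msg_type,) = struct.unpack_from("<I", msg, 8)
        if msg_type in (1, 2):
            return "type1-negotiate" if msg_type == 1 else "type2-challenge"
        if msg_type != 3:
            return "malformed"
        lm, nt = secbuf(msg, 12), secbuf(msg, 20)
    except (ValueError, struct.error):
        return "malformed"
    if len(nt) > 24:
        return "type3-ntlmv2"          # HMAC-MD5 plus variable-length blob
    if len(nt) == 24:
        # NTLM2 session response: LM field is an 8-byte nonce + 16 zero bytes
        ntlm2 = len(lm) == 24 and lm[8:] == b"\x00" * 16
        return "type3-ntlm2-session" if ntlm2 else "type3-ntlmv1"
    return "type3-no-nt-response"

def sample_type3(lm, nt):
    """Constructed sample: a Type 3 message carrying only LM and NT responses."""
    head = SIGNATURE + struct.pack("<I", 3)
    head += struct.pack("<HHI", len(lm), len(lm), 64)
    head += struct.pack("<HHI", len(nt), len(nt), 64 + len(lm))
    head += struct.pack("<HHI", 0, 0, 64) * 4 + struct.pack("<I", 0)
    return "NTLM " + base64.b64encode(head + lm + nt).decode()

if __name__ == "__main__":
    print(classify_auth(sample_type3(b"\x11" * 24, b"\x22" * 60)))
```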
