Re: [squid-users] ISA Server 2006 as cache_peer for Squid 2.6 using Kerberos or NTLMv2 authentication from Henrik Nordstrom on 2007-06-28 (squid-users)

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 28 Jun 2007 22:50:33 +0200

tor 2007-06-28 klockan 16:17 +0200 skrev Wisskirchen, Dominik /Z22:

> Can I use a ISA Server 2006 as a cache_peer for Squid 2.6 using a
> Kerberos or NTLMv2 authentication?

Yes. Just use "login=PASS" on the cache_peer line and Squid-2.6 will
allow passthru authentication, including the microsoft "schemes"..
(NTLM, Negotiate, Kerberos).

What you can't do is to have Squid automatically login with a defined
account to the upstream. That kind of operation is only supported using
Basic to the upstream.

> To clarify: I do NOT want clients of the Squid proxy to be
> authenticated, only the Squid proxy itself shall authenticate to the ISA
> Server.

Ah, right. So no, that can't be done with Squid.

The "NTLM Authorization Proxy Server" <http://ntlmaps.sourceforge.net/>
might be used, but that probably only supports NTLM(v1), not NTLMv2 or
Kerberos/Negotiate..

Regards
Henrik

application/pgp-signature attachment: Detta är en digitalt signerad meddelandedel

Received on Thu Jun 28 2007 - 14:50:39 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:05 MDT