2nd thought: Re: [SQU] Announcing NTLM authentication support for Squid.

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sat, 26 Aug 2000 09:04:27 +1000

Maybe we should announce this on squid-users, not just squid-dev?

any thoughts?

----- Original Message -----
From: "Henrik Nordstrom" <hno@hem.passagen.se>
To: "Chemolli Francesco (USI)" <ChemolliF@GruppoCredit.it>
Cc: <squid-dev@squid-cache.org>
Sent: Saturday, August 26, 2000 4:16 AM
Subject: Re: [SQU] Announcing NTLM authentication support for Squid.

> Have you gotten any feedback from any users on this yet? Has been
> depressingly quiet on the lists...
>
> /Henrik
>
>
> Chemolli Francesco (USI) wrote:
> >
> > In the last weeks, Robert Collins and I worked at implementing NTLM (aka
> > microsoft-internet-explorer-without-credentials-requester)-style
> > authentication for Squid.
> >
> > We're proud to announce that we've reached a test-able state: there's
still
> > more than a bit of work to do to clean up and smooth around the edges,
but
> > the functionality is there.
> >
> > In order to work it needs to rely on a Domain Controller (Samba is fine)
to
> > actually perform the authentication operation. If you're authenticating
> > against multiple domains, they must be trusted by the Domain Controller
> > you're using for the authentication operation.
> >
> > It's not for the weak of heart yet. We expect to get bugreports, please
> > include debugging information when you have problems (when, not if). A
> > backtrace and cache.log snippet are the preferred form of information.
> >
> > To get it, access cvs using "ntlm" as release tag. To build it,
configure
> > using as arguments at least
> > --enable-ntlm-authentication --enable-ntlm-auth-modules="NTLMSSP"
> > (plus any other configuration options you might wish to use - watch out
for
> > --enable-basic-authentication, it's new, and without it you do not have
> > basic authentication.)
> >
> > You might want to edit squid/ntlm_auth_modules/NTLMSSP/ntlm.h for some
> > settings that will eventually be turned into command-line arguments,
then
> > build and install as usual.
> >
> > A new configuration option was introduced,
> > "authenticate_program_ntlm". Just point it to the ntlm_auth executable,
> > with options "-d domain -s server". The latter is the DC you're going to
> > authenticate against, the former is the domain that server belongs to.
> >
> > We'll add details about the protocol and the implementation in some
README
> > file sometime in the future (not too far hopefully).
> >
> > We encourage anybody willing to try to give it a spin, as our aim is
> > inclusion in the 2.4 release but to get that we need testing.
> >
> > --
> > ing. Francesco Chemolli
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
Received on Fri Aug 25 2000 - 16:55:46 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:35 MST