Re: authentication on NT PDC

From: Martin Brooks <martin@dont-contact.us>
Date: Wed, 05 Jul 2000 19:02:20 +0100

At 18:56 05/07/00 +0000, Thomas Mueller wrote:
>Hi,
>
>our company plans to set up a proxy soon and I have some questions:
>
>1. We want to authenticate our users against the NT domain and I found two
> authentication programs which can do this and are included in
> squid2.3.stable3: smb_auth and msntauth. Any suggestions which one would
> be preferable?

I've had great success with smb_auth.

>2. Some people in our company are concerned about any passwords which may be
> cached by the authentication programs or squid in some file in plain text.
> Are these passwords cached somewhere (where?) and are they encrypted?

Passwords are sent to Squid in plain text format. Someone sniffing your
local network could potentially intercept this. As I understand it, the
password is not cached by Squid itself but is presented each time by the
browser. This adds up to an increase in the amount of authentication your
PDC(s)/BDC(s) will be doing.

>3. Are the user names and passwords encrypted when sent over the network
> (browser --> squid, smb_auth|msntauth --> PDC)?

browser->squid, no
smb_auth->PDC, kinda. They are sent as a LANman hash.

Regards

Martin A. Brooks
------------------------------------
The package said Windows NT 4 or better - I installed Linux.
Received on Wed Jul 05 2000 - 12:07:56 MDT
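
What "plain text" means on the browser->squid leg, as an added example that is not part of the original message: it assumes the browser uses HTTP Basic proxy authentication (the `Proxy-Authorization: Basic` header), which is only base64-encoded and is repeated on every request. The requests, account name and password below are constructed, and the function names are hypothetical.

```python
import base64

def make_request(url, proxy_auth=None):
    """Build a constructed HTTP/1.0 proxy request as raw bytes."""
    lines = [f"GET {url} HTTP/1.0"]
    if proxy_auth:
        lines.append(f"Proxy-Authorization: {proxy_auth}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")

# Constructed sample traffic; the account and password are made up.
TOKEN = base64.b64encode(b"EXAMPLE\\jdoe:s3cret:pw").decode("ascii")
REQUESTS = [
    make_request("http://www.example.com/", f"Basic {TOKEN}"),
    make_request("http://www.example.com/logo.gif", f"Basic {TOKEN}"),
    make_request("http://www.example.org/"),  # no credentials attached
]

def parse_headers(raw):
    """Return the request's headers as a dict with lower-cased names."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def exposed_credentials(raw):
    """Return (user, password) if Basic proxy credentials are present, else None."""
    value = parse_headers(raw).get("proxy-authorization")
    if value is None:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None  # other schemes are not covered by this check
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("latin-1")
    except ValueError:  # malformed base64
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None

def audit(requests):
    """Count the requests from which credentials can be read directly."""
    return sum(1 for r in requests if exposed_credentials(r) is not None)

if __name__ == "__main__":
    for r in REQUESTS:
        print(r.split(b"\r\n", 1)[0].decode(), "->", exposed_credentials(r))
    print("requests exposing credentials:", audit(REQUESTS))
```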