> but it is possible to "dirty trick" output the username and
> password from
> the NTLMSSP authenticator into the smb_auth helper? Recoding
> NTLMSSP to only
> pass the user/pass to smb_auth if NTLM auth succeedes...
>
> 1. ntlm challenge, helpers gets username and passwd and
> validates user,
> 2. NTLMSSP helper passes values on to smb_auth which tests
> the uers ability
> to view a file
> 3. user can view file theire in appropriate group
> 4. smb_auth returns OK response and squid goes on,
It's not possible. smb_auth requires the plaintext password to
connect to the share, and NTLMSSP doesn't have any to provide.
You could maybe hack something to this effect into NTLMSSP, but I
don't think it's a good thing(tm).
Where I work, we use some custom database storing user permissions,
and dump the result of some queries via asp/HTTP to some squid
configuration files for squid to use.
I am sure you can do something similar with NT groups. Just ask
your resident ASP guru.
-- /kinkieReceived on Thu Mar 22 2001 - 02:03:38 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:47 MST