This new head of squid 2.5 is great!!!
Just by doing this:
auth_param ntlm program /usr/local/squid/libexec/squid/ntlm_auth cit/roma
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/squid/bin/msntauth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
and adding auth acls, I get ntlm auth for all windows IE users and msntauth
for netscape and linux users.
However I still wish it could be combined with digest to make the
authentication more secure.
I know now this cannot be done with ntlm, but what about msntauth?
The helper available for digest (I still cannot get a digest auth program
installed) is password, that I would guess to involve maintaining a password
file for accessing users. That was why I turned to msnt and now ntlm in the
first place. We have all users using windoze so we might as well authenticate
them on our PDC.
But maybe the security cannot be improved before microsoft decides to upper
its security of it's authentication protocols?
Best regards,
Mads
Received on Thu Aug 09 2001 - 07:43:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:31 MST