Re: [squid-users] Single Logon

From: Gerard Eviston <geviston@dont-contact.us>
Date: Fri, 13 Sep 2002 00:54:33 +1000

On Fri, 13 Sep 2002 00:16, G Welter wrote:
> >>> Gerard Eviston <geviston@bigpond.net.au> 09/12/02 03:46PM >>>
>>
>> One alternative would be to use NT for authentication {winbind or
>> ntlm_auth} and NDS via LDAP {ldap_group} for access control. The upside is
>> that it's working for me with 2.5.PRE11. The downside is that you need an
>> NT domain (or samba? but thats another question) for any sort of
>> transparent authentication and then you have to keep usernames in sync with
>> NDS. See todays
>> squid_ldap_group thread for another catch. Then again, if you are going to
>> put in a domain then you could use NT groups instead of NDS groups.
> >>>
>
> But us Novell 'followers' would like to cut as much as Microsoft servers
> out of the middle. Every server needs maintenance. MS servers some more.
> Especially in our educational environment where we train youngsters in
> IT-technology. Some of them are crackers in the bud...
>
> Gerben.

I totally agree, but until browsers begin to support other methods of
transparent authentication, you're stuck with NTLM. You can regulate who gets
access to what via NDS using my suggestion above, and I'm sure you can do it
just as well with e-directory as you suggested earlier, but the bottom line
is that you need to maintain a server which supports NTLM.
Received on Thu Sep 12 2002 - 08:52:03 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:18 MST