On Wed, 9 Apr 2003, at 2:29pm, gas5754@iperbole.bologna.it wrote:
> 1) What's the difference between smb authentication (basic
> authentication) and NTLM authentication?
There are two parts to the authentication question:
1. The method used for HTTP proxy authentication. That is, how to
communicate credentials (authentication information) between Squid and
the web browser (client). In Squid, these are found in the "src/auth"
directory of the Squid source distribution.
2. The method used to check the credentials obtained in step #1, above.
Squid calls these "authentication helpers". They are found in the
"helpers" directory of the Squid source distribution.
Squid 2.5 supports three types of HTTP proxy authentication (#1 above):
Basic, Digest, and NTLM. Basic is just a clear-text username/password.
Digest is a secure, standard method that unfortunately enjoys little support
currently. NTLM is a Microsoft bastardization of the HTTP protocol spec
that bolts three-stage NTLM authentication onto HTTP.
For helpers (#2 above):
For basic authentication, Squid supports several methods of verifying the
username/password credentials. It can check them against the native Unix
host system, NCSA stand-alone password files, an LDAP database, a Sun YP/NIS
database, or a Windows server. For authentication against a Windows server,
Squid can use the older peer-to-peer SMB protocols (directory
"helpers/basic_auth/SMB"), or the newer NTLM domain protocols (directory
"helpers/basic_auth/MSNT").
For NTLM-over-HTTP, Squid also supports multiple helpers. The "fakeauth"
and "no_check" helpers just accept everyone without checking the password.
The "SMB" helper is a stand-alone implementation of the NTLM domain
protocol. The "winbind" helper depends on the "winbindd" daemon. The
"winbind" helper is the preferred one, as it is more actively maintained and
works better.
-- Ben Scott <bscott@ntisys.com> | The opinions expressed in this message are those of the author and do | | not represent the views or policy of any other person or organization. | | All information is provided without warranty of any kind. |Received on Wed Apr 09 2003 - 08:02:28 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:53 MST