[squid-users] Extract username and write it to the log file without NTLM?

From: <sdavy@dont-contact.us>
Date: Wed, 16 Jun 2004 09:53:12 +0100

Yes, I guess you mean the fake_auth ntlm authenticator. But in my optinion
there is a problem with it: Mozilla now supports NTLM auth on all the
platform, but you are prompted for a login/passwd. With the fake_auth, you
can put whatever you want as there is no check. With MSIE, there is no
prompt so it's more difficult to spoof. And if you have a look inside this
fake_auth, you'll see some comment from the authors telling that it
shouldn't be used in production as it is a proof of concept authenticator.

---
Stéphane Davy - Consultant Alcôve
                                                                                                                                                      
                      Hendrik Voigtländer                                                                                                             
                      <hendrik@voigtlaenders    Pour :   sdavy@bics.fr                                                                                
                      .net>                     cc : squid-users@squid-cache.org                                                                      
                                                Objet :  Re: [squid-users] Réf. : [squid-users] Extract username and write it to the log file without 
                      15/06/2004 17:41               NTLM?                                                                                            
                                                                                                                                                      
                                                                                                                                                      
sdavy@bics.fr wrote:
> But what is wrong with NTLM? If your users use MSIE, they won't be
prompted
> during authentication when using the NTLM scheme, it is transparent and I
> think this is what you want, isn't it?
>
> You'll need to setup Samba in order to have NTLM and authentication on
> Active Directory, but everything is in the Squid FAQ
>
Not really. I have done some successfull testing with NTLM-dummy
authenticators.
Who cares about the password if you just want the username? No need to
check it with Samba/AD.
Regards, Hendrik
Received on Wed Jun 16 2004 - 02:00:03 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:02 MDT