[squid-users] ntlm auth and browser dialog

From: Rolf <rolf@dont-contact.us>
Date: Mon, 25 Sep 2006 17:46:30 +1000

hello

I am currently using Basic auth against an Active Directory Server,
including a group membership authorisation check.
Its great, except that cleartext passwords travelling over the wire
are a concern and I would like to avoid that if possible.

I am investigating changing to NTLM authentication to do the same
job. More or less as per this article
http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM?
highlight=%28ConfigExamples%29

Firstly is it true that NTLM auth is a bit more secure as it avoids
passing the credentials in the clear over the wire?
Secondly is the design of NTLM - having the squid box "joined" to the
AD domain - intended to remove the need to send a proxy auth request
to the browser, instead using the AD data?

What I wish to do is preserve the dialog box presentation in the
browser to show the Realm string and request user/pass as happens now
using Basic Auth, but use NTLM instead.

Does this make sense and is it possible?

many thanks

rolf.

This message may contain confidential information which is intended only for the individual named.
If you are not the named addressee you should not disseminate, distribute or copy this email.
Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system.
Email transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses.
The sender therefore does not accept liability for any errors or omissions
 in the contents of this message which arise as a result of email transmission.
If verification is required please request a hard copy version.
Received on Mon Sep 25 2006 - 01:46:40 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Oct 01 2006 - 12:00:04 MDT