You might try squid_kerb_auth which uses Negotiate/Kerberos instead of NTLM
or Negotiate/NTLM.
Markus
"Matias Chris" <lists_at_matiaschris.com.ar> wrote in message
news:524a49fb0811270930j266c85d0me36f232c4f04416d_at_mail.gmail.com...
> Henrik,
>
> I have tried LDAP authentication in the past and stop using it becouse
> of the passwords being sent in clear text. I read about TLS but then I
> would need my DC to be a CA and that is not feasible at the moment. So
> Im testing NTLMSSP now, but is not being very stable and also read
> that is not recommended for networks with more than 200 users.
>
> Is this the end of the road? Is there any other method Im missing to
> authenticate users against AD?Transparently?
>
> Thanks,
>
> On Tue, Nov 18, 2008 at 6:59 AM, Henrik Nordstrom
> <henrik_at_henriknordstrom.net> wrote:
>> On fre, 2008-11-14 at 10:31 -0600, Johnson, S wrote:
>>
>>> I just got the squid_ldap_auth working ok on my segment but when
>>> watching the protocol analyzer I see that the auth requests against the
>>> AD are coming in as clear text passwords. Is there anyway we can
>>> encrypt the ldap domain requests?
>>
>> By AD do you refer to Microsoft AD? In such case use NTLM authentication
>> instead of LDAP.
>>
>> You can also TLS encrypt the LDAP communication, but this does not
>> protect the credentials sent by browsers to Squid, just the
>> communication squid->LDAP.
>>
>> Regards
>> Henrik
>>
>>
>>
>
Received on Thu Nov 27 2008 - 20:59:51 MST
This archive was generated by hypermail 2.2.0 : Fri Nov 28 2008 - 12:00:04 MST