Re: [squid-users] Enhancing NTLM Authentication to Remote Site Active Directory server

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 03 Nov 2011 10:38:19 +1300

 On Wed, 2 Nov 2011 15:52:05 +0200, Oguz Yilmaz wrote:
> --
> Oguz YILMAZ
>
>
>
> On Wed, Nov 2, 2011 at 1:44 AM, Amos Jeffries <squid3_at_treenet.co.nz>
> wrote:
 <snip>
>>
>> Firstly and most preferred is to move to Negotiate/Kerberos
>> authentication.
>> It is more than twice as efficient as NTLM and offers modern
>> security
>> algorithms for much higher security.
>>
>>
>
> Does Negotiate/Kerberos auth support transparent authentication for
> client browsers? What is the replacement for ntlm challenge/response?

 Operationally Kerberos is essentially an updated version of NTLM. It
 has all the same features and uses as NTLMv2. The differences are most
 in the administrative side, with different tools to manage it.

>
> Is this the right page to start?:
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos

 Yes.

 Amos
Received on Wed Nov 02 2011 - 21:38:28 MDT

This archive was generated by hypermail 2.2.0 : Thu Nov 03 2011 - 12:00:02 MDT