Re: [squid-users] Advice: ntlm_auth from samba4 or negotiate_wrapper ?

From: Michele Bergonzoni <bergonz_at_labs.it>
Date: Tue, 16 Jul 2013 17:37:20 +0200

My sincere thanks to Amos for his deep insight and to Eugene for his
practical advice. This was of great help to me, and I think it will help
future googlers as well.

Amos says:
> Popups you are trying to avoid are a browser feature. It is 100% up to
> the client to use the password manager and/or operating system settings
> which prevent it being needed.

You're right of course. Having no control over PC settings, I will try
to find the combination of offered mechanisms that gives the best
result, with the existing set of PCs and OSs.

> NTLMv1 would "work" because it allowed automatic
> down-grade of the security level to one of those broken (8-bit
> security!) mechanisms

Argghhhhhh... I didn't realize it was so broken.

> Hope this clarifies everything for you.

Yes, thank you a lot. I see it's not an obvious choice and I want to
meditate some more; for now it seems that samba4 ntlm_auth + [some
helper for authorization] could be my choice. I will try to keep basic
auth clients in some kind of ghetto and never worry about digest auth.

I will share here my final and tested configuration.

Thanks again,
                                Bergonz

-- 
Ing. Michele Bergonzoni - Laboratori Guglielmo Marconi S.p.a.
Phone:+39-051-6781926 e-mail: bergonz_at_labs.it
alt.advanced.networks.design.configure.operate
Received on Tue Jul 16 2013 - 15:37:28 MDT
