Re: [squid-users] squid and ntlm-like authentication in a native AD domain ?

From: Robert Collins <[email protected]>
Date: 07 Dec 2002 08:38:34 +1100

On Sat, 2002-12-07 at 08:27, Jakob Curdes wrote:
> If we have a domain without ntlm-enabled controllers, is there or will there
> be in foreseeable future a method to authenticate without username and
> password, as it was with ntlm ? In a message form H.N. I think there was a
> note about development in this direction, but it was not clear what status
> this thing has.
>
> (I know that I can run an NTLM-enabled PDC in native mode, but it might be
> that this is not possible because of "policy"...)

Well, if NTLM is off, then it's kerberos authentication that is needed.
To do that we need a couple of things:
1) To implement the MS-GSAPI kerberos over HTTP specification in general
2) To implement a helper that talks with AD, probably this would use
SAMBA again.

It will probably happen eventually, when a developer needs to scratch
this itch. Alternatively, if you need it soon, you could commission
someone (anyone with the requisite) to develop it for you. We'd happily
help such a person contribute the results back into squid. Some of the
squid developers do such contracted enhancements, send an email to
squid-dev@squid-cache.org if you want more information.

Rob

Received on Fri Dec 06 2002 - 14:38:38 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:53 MST