Re: [squid-users] Forwarding NTLM to BasicAuthentication from Henrik Nordstrom on 2008-06-11 (squid-users)

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Wed, 11 Jun 2008 17:14:42 +0200

On ons, 2008-06-11 at 02:29 -0700, a.s.d wrote:

> My idea is to build additional proxy (squid) witch can take authorization
> data from Windows client via NTLM and forward it to UTM.

Squid can do this, but only by sending a fake password. It does not have
access to the users actual password when using NTLM (only GINA on the
client workstation has knowledge of the users actutal password when
using NTLM... (not even the domain controller knows..)

See the login= cache_peer option for the available choices on how to
forward the authenticated user name to peer proxies.

Regards
Henrik

application/pgp-signature attachment: This is a digitally signed message part

Received on Wed Jun 11 2008 - 15:14:51 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 11 2008 - 12:00:05 MDT