Ariel Frozza wrote: > I'm confused about the use of NTLM authentication. > What's the relationship betwen Samba PDC, Winbind and Squid? Basically, it's a Windows-type way of encoding authentication (e.g. username and password) details. The idea is that if passwords get sent over a network in "plain text", an attacker who is in a position to look at network traffic can "sniff" the passwords out of passing network traffic. If the attacker can get control of a computer on a "subnet" through which the password travels, it's fairly easy to watch all the data on that network. So NTLM is one of several schemes that make use of "one-way encryption". It's possible for the client to prove that it has the correct password, without the password itself ever being sent over the network. So Samba may have clients that want to talk NTLM at it, and Winbind has to talk NTLM to whatever it's authenticating against. Squid is in an interesting position because it may need to talk NTLM to an "upstream" (further away from the clients) proxy, or the web server, or to an "authentication server" (to ensure that a client has logged in with the correct username and password). And it may need to talk NTLM to browsers to get usernames and passwords to pass on to other servers. The important thing is that you *don't* consider NTLM to be authentication in itself -- just an encoding technique. Hope this helps, James. -- E-mail address: james | They say that every cloud has a silver lining, which @westexe.demon.co.uk | must be a bit alarming for airline pilots... | -- "I'm Sorry, I Haven't A Clue", BBC Radio 4 -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list