FYI, I cloned from the git repo and built it. I was able to connect to my VPN through the proxy without any glitches.

Marc-André Laverdière-Papineau
Researcher - e-Security Team
TCS Innovation Labs

On 06/19/2014 03:28 AM, David Woodhouse wrote:
> On Wed, 2014-06-18 at 18:14 +0100, David Woodhouse wrote:
>> On Wed, 2014-06-18 at 10:44 +0100, David Woodhouse wrote:
>>> I don't have access to a proxy requiring authentication. I could perhaps
>>> set up squid to require basic auth, but NTLM and Kerberos are harder. If
>>> I could have access to a proxy that requires such, then I might be more
>>> inclined to implement this myself...
>>
>> It turns out to be relatively simple to set up a copy of squid to do
>> Basic, NTLM and Negotiate auth against Active Directory, so I've done
>> so.
>>
>> I've pushed some initial changes which make Basic auth work, and I may
>> take a look at NTLM and Kerberos/GSSAPI if nobody beats me to it. Once
>> it's working, I may take another look at the structure of it.
>
> With what I pushed a few minutes ago NTLM now also works, although
> *only* the single-sign-on version using Samba's /usr/bin/ntlm_auth
> helper tool and winbind.
>
> Manual NTLM authentication where you actually give it the username and
> password isn't implemented - that's left as an exercise for the reader
> (hint: there's a LGPLv2-compatible implementation to copy from in
> https://git.gnome.org/browse/evolution-data-server/tree/camel/camel-sasl-ntlm.c
> which even supports NTLMv2. Around line 873 is the interesting part).
>
> I'm more likely to do GSSAPI next, rather than the boring gruntwork of
> porting that code over. But definitely not today. Do feel free to help
> out :)
>
> Reviewing the other code I've hastily thrown together may also prove
> fruitful...
>