Hi,
At 22.17 04/08/2005, Brian E. Conklin wrote:
> AD is merely an LDAP storage container. Microsoft's authorization schemes
> still continue to use NTLM. Currently it is actually NTLMv2 which uses
> Kerberos 5 technology.

Sorry, but this is not correct.

NTLMv1 and NTLMv2 are authentication protocols based on Windows NT 4
domains, that can provide a "transparent" browser authentication.
Take a look here for more technical details:
http://davenport.sourceforge.net/ntlm.html

Kerberos is available starting from Windows 2000 domains based on
Active Directory directory service.

Authentication against Active Directory can be done using NTLMv1,
NTLMv2, Kerberos or LDAP.

Current Squid Stable version can use the following protocols:
- LDAP against AD domains with built-in ldap_auth authenticator, but
only with the basic authentication schema that requires the browser's
Username/Password Pop-Up.
- NTLMv1 against NT 4 and AD domains with built-in winbind and
Samba's ntlm_auth authenticators.
- NTLMv2 against NT 4 and AD domains can be used only with Samba's
ntlm_auth authenticators.

Kerberos should be available in Squid 3.0, with the implementation of
the generic SPNEGO authentication protocol.

Full NTLMv1/v2 support is available too in the Windows native port of Squid.

Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it/
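
The protocols distinguished in the message above (Basic, NTLMv1, NTLMv2, Kerberos via SPNEGO) can be told apart from the value of a client's Proxy-Authorization header. The following is an added example, not part of the original message and not Squid or Samba code; the function names are hypothetical and the sample messages are constructed. It assumes the NTLM Type 3 field offsets documented at the Davenport page linked above.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
# DER encoding of the Kerberos 5 mechanism OID 1.2.840.113554.1.2.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")

def classify_ntlm(raw):
    """Classify a raw NTLMSSP message sent by the client."""
    if len(raw) < 12:
        return "malformed"
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type == 1:
        return "ntlm-negotiate"
    if msg_type != 3 or len(raw) < 28:
        return "malformed"  # Type 2 is sent by the server, never by the client
    # NT response security buffer sits at offset 20: length, allocated, offset
    nt_len, _, nt_off = struct.unpack_from("<HHI", raw, 20)
    if nt_off + nt_len > len(raw):
        return "malformed"
    if nt_len == 24:
        return "ntlmv1-response"  # also the size of an NTLM2 session response
    return "ntlmv2-response" if nt_len > 24 else "ntlm-other"

def classify_proxy_auth(value):
    """Name the protocol carried in a Proxy-Authorization header value."""
    scheme, _, token = value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        return "basic"
    if scheme not in ("ntlm", "negotiate"):
        return "unknown"
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return "malformed"
    if raw.startswith(NTLMSSP):
        return classify_ntlm(raw)
    if scheme == "negotiate" and raw[:1] == b"\x60":  # GSS-API token
        return "spnego-kerberos" if KRB5_OID in raw else "spnego-other"
    return "malformed"

def build_type3(nt_response):
    """Constructed sample: minimal Type 3 message with only an NT response."""
    empty = struct.pack("<HHI", 0, 0, 64)
    nt = struct.pack("<HHI", len(nt_response), len(nt_response), 64)
    msg = NTLMSSP + struct.pack("<I", 3) + empty + nt + empty * 4 + bytes(4)
    return "NTLM " + base64.b64encode(msg + nt_response).decode()

if __name__ == "__main__":
    for n in (24, 44):
        print(n, classify_proxy_auth(build_type3(bytes(n))))
```

A 24-byte NT response marks NTLMv1 (or the NTLM2 session variant), while an NTLMv2 response is always longer because it carries a 16-byte HMAC followed by a variable-length blob.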