Guillaume wrote: > Do you know what is the difference between basic authentication and > NTLM authentication? Basic authentication is an Internet standard that is fully compatible with the stateless nature of HTTP, is easily integrated with most authentication backends, and works in virtually all browsers. Users will be prompted for a username and password when starting a browsing session. Passwords are not encrypted between the browser and Squid NTLM authentication is Microsoft's attempt to force a session-oriented authentication protocol onto the inherently stateless HTTP (which qualifies as a hack that breaks the protocol). Because it uses Microsoft's NTLM hash, the password is never sent across the network. It integrates easily with a Windows-style domain, and has the added advantage of users not being prompted for a username and password. However, it requires many more running auth helpers, increasing the load on your Squid server. A third authentication option, digest, solves the security issues of basic while remaining fully compatible with the HTTP protocol. However, it is more difficult to integrate with an authentication backend than basic. Adam
