On Feb 18, 2008 7:37 AM, Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote:
> On Mon, Feb 18, 2008, Dwyer, Simon wrote:
>
> > I believe they want to authenticate twice but I do not really see the point.
> > They will have to authenticate with the sharepoint no matter what happens.
> >
> > Is it possible to get squid to authenticate a user using Active Directory
> > while reverse proxying?
>
> I'm not sure if Squid can do NTLM authentication as an origin server.
> I know it can just pass through the requests and let the sharepoint server
> do authentication.
>
> Henrik? Robert? Kinkie?
It should work just fine, there's nothing in the code that I remember
preventing it. The only way to be sure is "just trying" :)
Authenticating in NTLM over the Internet however is, in my opinion,
pointless and even dangerous - even Microsoft recommends against it
(or at least used to).
It allows anyone on the Internet to mount a wide range of DOS attacks
against AD - I'm not talking about a performance DOS, what I'm
referring to is the possibility to lock one (or all) users out of
logging on their PC.
--
/kinkie
