
Questions on research into using digest auth against MS AD2003

* What specific piece of the puzzle on the client side is it about the NTLM or Kerberos authentication methods that allows the authentication traffic to be secure by sending only the credential hashes? (Am I correct in understanding that it is the ntlm_auth program that speaks to the NTLM client and negotiates for the credential hashes to be exchanged?)

* When squid is configured to use *digest* authentication, I understand that the traffic between the squid server and the LDAP server is encrypted. Is the traffic between the browser and the squid server also encrypted when using Digest? If so, how does the client browser know to encrypt/hash the communications for the return trip to the server?

**Short of loading a program on a client machine, are there any proxy servers out there that can prompt for credentials while keeping secure the communication between the workstation and the proxy server?** What is it that has to happen to ensure that the authentication traffic from any browser to any proxy server is encrypted?


* Considering the fact that I'm trying to use digest_ldap_auth against an MS LDAP/AD 2003 server that should be storing several precomputed digest hash versions of H(username:realm:password) that permit these hashes to be authenticated without requiring reversible encryption to be enabled on the account (see TechNet article: http://preview.tinyurl.com/5bxacn):

A) Is it even possible to use digest_ldap_auth to do digest authentication against an Active Directory 2003's LDAP database server?

B) What would be a working example command line of a successful digest_ldap_auth test against an AD 2003 server? (In my attempts, I have been unable to identify the proper digest-hash-containing LDAP (-A) attribute to use in a lookup. I *THINK* this is because MS AD2003 expects the digest hash request to come via a SASL mechanism... which begs the question... is there a SASL mechanism that works with squid+AD2003?)

* What would help me identify the necessary pieces of the puzzle so that I could configure such a successful lookup?


For what it's worth and/or if you have any questions about how or why I'm doing things, I'm keeping all my notes about this project on one of my wiki pages (http://preview.tinyurl.com/6fgyf8). Maybe it will help others.

--
Richard
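
Added example, not part of the original message and not Squid's or the helper's own code: a sketch of how an RFC 2617 Digest verifier checks a client response using only a stored H(username:realm:password), so the password never crosses the wire, while the request itself is hashed rather than encrypted. The function names are hypothetical and the header values are the published sample from RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    """Hex MD5 of a string, as RFC 2617 Digest defines H()."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def precompute_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = H(username:realm:password); this is all the verifier stores."""
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """Response a client must send for qop=auth, derived from HA1 alone."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(stored_ha1: str, method: str, fields: dict) -> bool:
    """Check parsed (Proxy-)Authorization fields against the stored HA1."""
    want = expected_response(stored_ha1, method, fields["uri"],
                             fields["nonce"], fields["nc"],
                             fields["cnonce"], fields["qop"])
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(want, fields["response"])


# Sample values from RFC 2617 section 3.5 (not captured traffic).
SAMPLE = {
    "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "qop": "auth",
    "response": "6629fae49393a05397450978507c4ef1",
}
STORED_HA1 = precompute_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")

if __name__ == "__main__":
    print("sample response verifies:", verify(STORED_HA1, "GET", SAMPLE))
    # A hash precomputed for a different realm string cannot verify the same
    # response, so the realm presented to the browser must match the stored one.
    other = precompute_ha1("Mufasa", "EXAMPLE.REALM", "Circle Of Life")
    print("other-realm hash verifies:", verify(other, "GET", SAMPLE))
```

Only the challenge-response value is protected; the URI, headers and body still travel in the clear unless the browser-to-proxy connection itself is wrapped in TLS.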
