Navjeet wrote:
> We have been using squid in our development environment. Squid has
> been forwarding all the internet bound traffic to a proxy server that
> did not need any authentication until now. But that has changed now
> and now we have to use another proxy server that uses NTLM based
> authentication. Now our servers in this development environment only
> have local users (users logging in are not authenticated Windows AD).
> Does the Squid NTLM authentication setup still work in this setup?

Sort of. Squid can be placed into a passive config where it simply
passes authentication to/from the upstream proxy (login=PASS and
connection-auth options to cache_peer). The downside of this is that due
to the nature of NTLM etc the relaying Squid is not able to be
authenticating anyone itself.
The very latest 3.HEAD(3.2) code is being upgraded to let Squid do
Kerberos login with peers as if it was a client browser. NTLM is not an
option.

> Can the NTLM setup be configured to use a specified user (and password
> hopefully encrypted) that can be specified in some configuration
> file.

No. Please read up on how NTLM works. Squid only ever sees encrypted
hashes of the login details. Other than the HEAD version mentioned above
all other Squid require the authentication method between Squid and the
peer to be done with Basic auth.

> This is needed as many of our applications (Tomcat, ESB etc.)
> are headless (I mean not just a web browser) and they now need to go
> through this new proxy server.

Do you mean the requests they make to the Internet need to be done that way?
... or that your Squid is actually meant to be a reverse proxy to access
them?
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE19
Current Beta Squid 3.1.0.13
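
The pass-through setup described in the reply above, as an added squid.conf sketch that is not part of the original message. The peer hostname and both port numbers are placeholders, and the fragment assumes a Squid version whose `cache_peer` accepts `login=PASS` and `connection-auth`.

```conf
# Added example: relay NTLM to an upstream proxy without terminating it.
# upstream-proxy.example.com, 8080 and 3128 are placeholder values.

# Port the internal clients (browsers, Tomcat, ESB, ...) point at.
http_port 3128

# Parent proxy that demands NTLM.
#   login=PASS          relay the client's proxy credentials unchanged
#   connection-auth=on  keep connection-oriented auth working by tying the
#                       client connection to one connection to the peer;
#                       NTLM authenticates the connection, not the request
#   no-query            no ICP queries to the parent (ICP port given as 0)
cache_peer upstream-proxy.example.com parent 8080 0 no-query default login=PASS connection-auth=on

# Force all traffic through the parent instead of going direct.
never_direct allow all

# Deliberately no auth_param / proxy_auth ACL lines: in this mode the
# relaying Squid does not authenticate anyone itself. Each client must
# answer the upstream proxy's NTLM challenge with its own credentials.
```

Because Squid only relays the handshake here, a headless application still needs its own NTLM-capable HTTP client and an account the upstream proxy accepts.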