On Sun, 20-Sep-2009 at 00:29:12 +1200, Amos Jeffries wrote:
> Andre Albsmeier wrote:
> > On Thu, 10-Sep-2009 at 14:55:23 -0400, Navjeet wrote:
> >> We have been using squid in our development environment. Squid has
> >> been forwarding all the internet bound traffic to a proxy server that
> >> did not need any authentication until now. But that has changed now
> >> and now we have use another proxy server that uses NTLM based
> >> authentication. Now our servers in this development environment only
> >> have local users (users logging in are not authenticated Windows AD).
> >> Does the Squid NTLM authentication setup still work in this setup? Can
> >> the NTLM setup be configured to use specified user (and password
> >> hopefully encrypted ) that can be specified in some configuration
> >> file. This is needed as many of our applications (Tomcat, ESB etc )
> >> are headless (i mean not just a web browser) and they now need to go
> >> thru this new proxy server.
> >
> > If you want something like this:
> >
> > no auth NTLM auth
> > clients -------> squid ---------> NTLM based proxy ---> world
> >
> > I think this is not possible with squid. I worked around this
> > same problem with cntlm using:
> >
> > no auth no auth NTLM auth
> > clients -------> squid -------> cntlm ---------> NTLM based proxy ---> world
> >
> > cntlm runs on the same machine as squid does. However, I were
> > happy if the cntlm functionality could be brought into
> > squid one day...
>
> Your wish is granted ;)
Oh, that's good news, thanks!
>
> 3.2 will have Kerberos login to cache_peer servers. The code is already
> committed to the 3.HEAD alpha releases.
Now I am confused: You talk about Kerberos, I thought of NTLM
(NTLMv2 to be exact). In cntlm I simply enter my NTLMv2 hash
and it authenticates happily to its upstream. With Kerberos,
I always think about tickets, krb-servers and so on. To be
honest, I have never been into Windoze's NTLM stuff a lot (I
am just happy it works) neither used Kerberos until now.
Will there be some kind of How-To for using this new feature?
Thanks a lot for your great work on squid,
-Andre
--
Note: No Micro$oft programs were used in the creation or distribution
of this message. If you are using a Micro$oft program to view
or forward this message, be forewarned that I am not responsible
for any harm you may encounter as a result.
