Dion Beauglehall wrote:
Hi, I am looking to provide an "invisible" challenge to users broswers to get their user/password details and authenticate that against LDAP. I notice that in the v3 (or 3.1?) build of Squid, the FakeAuth helper has an option to strip the domain from windows users, which should do what I want. However, there is currently no Windows build available with this option. Now, I don't want to put undue stress on anyone (because I appreciate you are (nearly?) all volunteers), so I don't mind, but I am wondering if anyone is able to either: a) be willing to compile and provide a windows executable of a versions of FakeAuth which has the -S (strip domain) option (assuming it will work with Squid 2.7 - I am willing to give it a go if no-one sees a reason why not) or b) give some guidelines how I can build/compile just the FakeAuth helper for windows (given I haven't done any decent C programming in over a decade, and even that was small-fry stuff...).
All volunteers here. If you are able to spare a bit of coinage I woudl recommend throwing it towards Guido of Acme Consulting for a binary build. That will also go a small way towards helping the Windows port stay afloat.
http://squid.acmeconsulting.it/
Alternatively - any other options of providing an "invisible" challenge to users, which I can then authenticate against LDAP?
There is no such thing as an invisible challenge. Squid makes all challenges in the same way. Whether the browser informs the user about requests for their login credentials is up to the browser.
I very much doubt you will be able to get a good browser that passes unencrypted info on demand like that. If I understand your other emails LDAP is sending the username/password to Squid.
NTLM only manages the silent way accepted because the username/password are not transferred.
Also, Fake Auth is designed to accept a user that presses enter twice in the login box.
Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20 Current Beta Squid 3.1.0.14
