On Tue, 15 Mar 2011 14:20:03 -0500, Oscar AndrÃs Eraso Moncayo wrote:
As I do so that users are not authenticated by dansguardian and
access directly to the Internet,
I have problems with dansguardian and authentication in Web
applications with Java.
ntlm_smb_lm_aut I use for user authentication.
I add the next lines in the squid.conf for exclude users of
authentication,
acl no_auth src ipuser
http_access allow no_auth
and works well with squid, but i need to exclude the ipuser in
dansguardian,
Yes you do.
Also, please read this:
http://www.zdnet.com/blog/security/security-flaws-haunt-ntlmv1-2-challenge-response-protocol/7136
Scared? hopefully you are, the ntlm_smb_lm_auth helper is an exploit
for that vulnerability.
Any modern system (circa 1998) which successfully logs into your proxy
is badly vulnerable to attack.
Please at least use ntlm_auth by the Samba project or upgrade the whole
way to Kerberos.
Amos
