On Wed, 2 Nov 2011 15:52:05 +0200, Oguz Yilmaz wrote:
--
Oguz YILMAZ
On Wed, Nov 2, 2011 at 1:44 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
wrote:
<snip>
Firstly and most preferred is to move to Negotiate/Kerberos
authentication.
It is more than twice as efficient as NTLM and offers modern
security
algorithms for much higher security.
Does Negotiate/Kerberos auth support transparent authentication for
client browsers? What is the replacement for ntlm challenge/response?
Operationally Kerberos is essentially an updated version of NTLM. It
has all the same features and uses as NTLMv2. The differences are most
in the administrative side, with different tools to manage it.
Is this the right page to start?:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
Yes.
Amos
