Search squid archive

Re: Kerberos and NTLM authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Guys,

I ran some more tests.
Only authentication with 'Basic' - worked on devices inside and outside the domain, but asks for password; With only authentication 'Kerberos' - worked in the domain and does not prompt for password;
Authentication 'Kerberos' and 'Basic':
1 - worked in the domain but asked the password out of the domain;
2 - out of the domain in 'Internet Explorer' without integrated authentication in the format DOMAIN\user worked; 3 - adding the 'auth_param negotiate keep_alive off' option, worked in Firefox and worked in 'Internet Explorer' with the integrated authentication option checked.

In short, adding the option 'auth_param negotiate keep_alive off' worked. In Firefox you can simply enter the username and password and the 'Internet Explorer' is necessary to inform DOMAIN\user.

Em 15/05/2013 22:12, Brett Lymn escreveu:
On Wed, May 15, 2013 at 10:00:18PM -0300, Carlos Defoe wrote:
As far as i know, the only auth mech that will prompt for password is
the basic one, so you're not enabling one per time.

I believed that IE will prompt credentials when using NTLM
iff the machine is not part of the domain.  It also seems that it will
prompt if the proxy is configured for kerberos and basic auth but the
machine is not part of the domain so kerberos won't work, in this case
the authentication never succeeds (hence why I suggested turning off
IWA).  Not sure if this behaviour is a bug or desired behaviour.






[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux