# #######
# Negotiate
# #######
# http://wiki.squid-cache.org/Features/Authentication
# http://wiki.squid-cache.org/Features/NegotiateAuthentication
auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego --configfile /etc/samba/smb.conf-squid
auth_param negotiate children 10 startup=0 idle=1
auth_param negotiate keep_alive on
# #######
# NTLM AUTH
# #######
# ntlm auth
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --configfile /etc/samba/smb.conf-squid
auth_param ntlm children 10
#auth_param ntlm children 10 startup=0 idle=1
#auth_param ntlm keep_alive
# #######
# NTLM over basic
# #######
# warning: basic authentication sends passwords plaintext
# a network sniffer can and will discover passwords
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --configfile /etc/samba/smb.conf-squid
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
On 2 September 2015 at 11:15, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 2/09/2015 11:50 a.m., Alex Samad wrote:
>> Hi
>>
>> I have squid setup to use
>> NTLM and then faill back to basic.
>>
>> when it fails back to basic, my user put in
>>
>> firstname.surname@a.b.c which fails.
>>
>> if they put in firstname.surname it works
>>
>> is there some way to get squid to strip off the @<.*>
>
> That depends on which helper you are using to validate the Basic auth
> credentials. The ones which support it do so via a command line
> parameter. So check our helpers documentation to see if one exists to
> strip Kerberos/NTLM/Domain.
>
> Otherwise you can always script a helper for yourself.
>
>>
>> also is there some way to change the info in the dialogue box that pops up
>
> The only controllable part of the popup dialog is the Realm value. Set
> by the auth_param directives "realm" parameter.
>
> IIRC the realm is usually turned into the title bar, though some
> browsers show it in quotes in the text. The form and display of the
> popup is fixed and not manipulatable by any external server for security
> reasons that should be obvious.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
