On 22/10/2015 10:33 a.m., Alex Samad wrote: > Would it be fair to say best practice is to get kerbose working in favour > of ntlm ? Best Practice is not to have NTLM at all. In the same way that its best practice not to use 8-bit (1 letter) passwords. NTLM was formally deprecated in 2006 by MS. Kerberos was added in 1998. You should not be using NTLM at all by now unless you are running software that has not been updated since before 2001 and still requires NTLM as its only possible authentication scheme. I'm really not joking when I write that Basic auth is more secure than NTLM. The simple fact that everyone is aware of the weakness in Basic auth credentials means a lot of extra protection has gone into keeping them secure and safe. NTLM can trivially be auto-downgraded to LanMan which is just as insecure - but still treated widely as if it were a magically "secure and unbreakable" auth even though its crypto was obsolete almost 20 years ago. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
