Re: [SQU] Announcing NTLM authentication support for Squid. from Henrik Nordstrom on 2000-08-25 (squid-dev)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 25 Aug 2000 20:16:31 +0200

Have you gotten any feedback from any users on this yet? Has been
depressingly quiet on the lists...

/Henrik

Chemolli Francesco (USI) wrote:
>
> In the last weeks, Robert Collins and I worked at implementing NTLM (aka
> microsoft-internet-explorer-without-credentials-requester)-style
> authentication for Squid.
>
> We're proud to announce that we've reached a test-able state: there's still
> more than a bit of work to do to clean up and smooth around the edges, but
> the functionality is there.
>
> In order to work it needs to rely on a Domain Controller (Samba is fine) to
> actually perform the authentication operation. If you're authenticating
> against multiple domains, they must be trusted by the Domain Controller
> you're using for the authentication operation.
>
> It's not for the weak of heart yet. We expect to get bugreports, please
> include debugging information when you have problems (when, not if). A
> backtrace and cache.log snippet are the preferred form of information.
>
> To get it, access cvs using "ntlm" as release tag. To build it, configure
> using as arguments at least
> --enable-ntlm-authentication --enable-ntlm-auth-modules="NTLMSSP"
> (plus any other configuration options you might wish to use - watch out for
> --enable-basic-authentication, it's new, and without it you do not have
> basic authentication.)
>
> You might want to edit squid/ntlm_auth_modules/NTLMSSP/ntlm.h for some
> settings that will eventually be turned into command-line arguments, then
> build and install as usual.
>
> A new configuration option was introduced,
> "authenticate_program_ntlm". Just point it to the ntlm_auth executable,
> with options "-d domain -s server". The latter is the DC you're going to
> authenticate against, the former is the domain that server belongs to.
>
> We'll add details about the protocol and the implementation in some README
> file sometime in the future (not too far hopefully).
>
> We encourage anybody willing to try to give it a spin, as our aim is
> inclusion in the 2.4 release but to get that we need testing.
>
> --
> ing. Francesco Chemolli
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Aug 25 2000 - 16:47:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:35 MST