[PATCH] Strip Windows domain in PAM basic authenticator

From: Steve Hill <steve_at_opendium.com>
Date: Tue, 05 Mar 2013 18:17:41 +0000

This might be slightly controversial... :)

When accessing Squid from a Windows machine that is not logged onto a
domain, Internet Explorer presents the user with a proxy authentication
dialogue box for NTLM authentication, which requires the user name to be
entered as DOMAIN\user. Other software may instead choose to use basic
auth (handled by the basic_pam_auth authenticator) and pop up a similar
authentication box which requires the bare user name (no "DOMAIN\").

It is often not clear to the user that there is a difference between
these popup boxes, so they may not know whether or not to include the
Windows domain. The attached patch modifies basic_pam_auth so that the
user can enter their user name as a bare name, "DOMAIN\user" or
"user@domain" and strips the domain part off so that the bare user name
can be authenticated against PAM.

This should simplify things for the users, since they can just be told
to enter their details in the "DOMAIN\user" format everywhere and it
should just work. Obviously not much use in a multi-domain setup, but
presumably one wouldn't be authenticating against PAM in such a
situation anyway (?).

-- 
  - Steve Hill
    Technical Director
    Opendium Limited     http://www.opendium.com
Direct contacts:
    Instant messenger: xmpp:steve_at_opendium.com
    Email:             steve_at_opendium.com
    Phone:             sip:steve_at_opendium.com
Sales / enquiries contacts:
    Email:            sales_at_opendium.com
    Phone:            +44-844-9791439 / sip:sales_at_opendium.com
Support contacts:
    Email:            support_at_opendium.com
    Phone:            +44-844-4844916 / sip:support_at_opendium.com

Received on Tue Mar 05 2013 - 18:17:49 MST
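
The user-name normalisation described in the message above, as an added C example; it is not the attached patch or Squid's own code. The function name and the policy of rejecting empty, ambiguous or over-long names before they reach PAM are assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from the patch: copy the bare user name
 * from "user", "DOMAIN\user" or "user@domain" into out.
 * Returns 0 on success, -1 if the input is ambiguous or unusable. */
int strip_windows_domain(const char *in, char *out, size_t outlen)
{
    const char *bs = strchr(in, '\\');
    const char *at = strchr(in, '@');
    const char *start = in;
    size_t len = strlen(in);

    if (bs && at)
        return -1;                       /* mixed forms: refuse to guess */
    if (bs) {
        if (strchr(bs + 1, '\\'))
            return -1;                   /* more than one backslash */
        start = bs + 1;                  /* user follows the domain */
        len = strlen(start);
    } else if (at) {
        if (strchr(at + 1, '@'))
            return -1;                   /* more than one '@' */
        len = (size_t)(at - in);         /* user precedes the domain */
    }
    if (len == 0 || len >= outlen)
        return -1;                       /* empty user, or would truncate */
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "alice", "CORP\\alice", "alice@corp.example",
                              "CORP\\", "@corp.example", "A\\B\\alice",
                              "CORP\\alice@corp.example" };
    char user[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (strip_windows_domain(samples[i], user, sizeof user) == 0)
            printf("%-28s -> %s\n", samples[i], user);
        else
            printf("%-28s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Rejecting an over-long name instead of truncating it keeps two distinct inputs from collapsing to the same PAM account name.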
