[SQU] Announcing NTLM authentication support for Squid. from Robert Collins on 2000-08-25 (squid-users)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Sat, 26 Aug 2000 10:16:11 +1000

This was originally crossposted to squid-users & squid-dev, but hypermail
has only archived it to squid-dev.

If you have already read it, stop here!

Rob

----- Original Message -----
From: "Chemolli Francesco (USI)" <ChemolliF@GruppoCredit.it>
To: "'squid-dev'" <squid-dev@squid-cache.org>
Sent: Thursday, August 24, 2000 4:49 PM
Subject: Announcing NTLM authentication support for Squid.

> In the last weeks, Robert Collins and I worked at implementing NTLM (aka
> microsoft-internet-explorer-without-credentials-requester)-style
> authentication for Squid.
>
> We're proud to announce that we've reached a test-able state: there's
still
> more than a bit of work to do to clean up and smooth around the edges, but
> the functionality is there.
>
> In order to work it needs to rely on a Domain Controller (Samba is fine)
to
> actually perform the authentication operation. If you're authenticating
> against multiple domains, they must be trusted by the Domain Controller
> you're using for the authentication operation.
>
> It's not for the weak of heart yet. We expect to get bugreports, please
> include debugging information when you have problems (when, not if). A
> backtrace and cache.log snippet are the preferred form of information.
>
>
> To get it, access cvs using "ntlm" as release tag. To build it, configure
> using as arguments at least
> --enable-ntlm-authentication --enable-ntlm-auth-modules="NTLMSSP"
> (plus any other configuration options you might wish to use - watch out
for
> --enable-basic-authentication, it's new, and without it you do not have
> basic authentication.)
>
> You might want to edit squid/ntlm_auth_modules/NTLMSSP/ntlm.h for some
> settings that will eventually be turned into command-line arguments, then
> build and install as usual.
>
> A new configuration option was introduced,
> "authenticate_program_ntlm". Just point it to the ntlm_auth executable,
> with options "-d domain -s server". The latter is the DC you're going to
> authenticate against, the former is the domain that server belongs to.
>
>
> We'll add details about the protocol and the implementation in some README
> file sometime in the future (not too far hopefully).
>
> We encourage anybody willing to try to give it a spin, as our aim is
> inclusion in the 2.4 release but to get that we need testing.
>
> --
> ing. Francesco Chemolli
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Fri Aug 25 2000 - 18:10:55 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:05 MST