Re: [SQU] squid authentication using NTML/MSNT

From: Henrik Nordstrom <>
Date: Sat, 13 Jan 2001 20:42:41 +0100

Highly unlikely. The MS NTLM auth code is not even available for

What is available int 2.3 is the ability to verify the entered
username+password against a Windows NT domain using NTLM, which is a
quite different thing than MS NTLM proxy authentication.

If you need a squid with MS NTLM authentication support then you have to
get a Squid-2.5 development snapshot, or CVS to The "ntlm" branch on SourceForge is for continued
and experimental developments..

Henrik Nordstrom
Squid hacker
Morris Maynard wrote:
> Well, the 2.3-STABLE4 RPM does have support for NTLM auth, at least insofar as it will not complain about those options being in the config file. Also, I think that there are references to NTLM in some of the docs included with that distribution.
> Related to the source I got via CVS - there is a directory mentioned in the makefile (the one in the source root directory above the src directory), "auth_modules", which seems to not exist. Its use in the makefile seems to cause make to go into an endless loop when I do a "make" or "make clean". Removing it solves the loop problem.
> Also, in the example squid.conf file provided, the example line to specify the ntlm helper program is:
> "auth_param ntlm program /usr/local/squid/bin/ntlm_auth"
> when it should be
> "auth_param ntlm program /usr/local/squid/bin/ntlm_auth \\<domain>"
> It may be just my ignorance, but the only way I was able to find out that the program took an argument of the domain to authenticate against was by studying the source code. The only indication that there even was an error was a warning message in cache.log. Suggestion: shouldn't the domain name be an auth_param?
> Finally, a bug I noticed: if you only configure ntlm authentication without basic auth also being set up (not sure why you'd want to, other than debugging why ntlm doesn't work without having to deal with side effects caused by basic :)) then squid crashes with some sort of protection fault.
> Morris Maynard
> Mayn Idea, Inc.
> Phone: +1(609)585-1029
> Fax: +1(609)581-1389
> Email:
>  -----Original Message-----
> From: []
> Sent:   Thursday, January 11, 2001 4:10 PM
> To:     Morris Maynard
> Subject:        Re: [SQU] squid authentication using NTML/MSNT
> Ah, you were after the NTLM-auth helpers?
> Odd if you have received a binary RPM with NTLM support without getting
> any NTLM helpers..
> The NTLM support is under development and not in any of the stable
> releases yet. It will appear in Squid-2.5.
> --
> Henrik Nordstrom
> Squid hacker
> > --
> > To unsubscribe, see
To unsubscribe, see
Received on Sat Jan 13 2001 - 12:57:27 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:27 MST