> Hi,
Hello
> I have just got MSNT authentication up and running to the
> point that on
> opening a browser the user is asked to authenticate to their domain.
>
> This is great as it enables us to log the username in the access.log,
> something very important when you have a university full of
> mischievous
> students. We currently have a systems for this but it
> involves a great deal
> of trawling through various NT/Novell logs.
>
> What I would like to know is if it is possible to auto
> authenticate to a
> domain, so that those users who have NT domain accounts (and
> have therefore
> authenticated to the domain on login) don't have to
> re-authenticate each
> time they open a browser.
Yes, but only with the daily snapshots of the NTLM branch of Squid 2.5
or from CVS-sourceforge (tag: auth_rewrite or ntlm).
BTW: this is only possible with Internet Explorer, 4 or 5, on
win32 platforms.
> Something else I'd like to know is if there is any way of
> authenticating to
> an unknown domain, eg. If someone wants to publish to a
> remote FrontPage
> server using NTLM.
I am not sure if I understand you correctly, but if I do,
it's not possible. NTLM cannot go throught a proxy by
design, as it required end-to-end state, which obviously
a proxy can't provide.
> Could the transparent proxying ability of
> netfilter in
> Linux kernel 2.4 solve this?
No. It can't be used with proxy-authentication at all, since
the clients will get unexpected answers and freak out.
-- /kinkieReceived on Wed Mar 21 2001 - 15:21:32 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:46 MST