Re: [squid-users] need some advice info that I didn't find on the FAQ aboutauthentication

The Basic HTTP authentication helpers MSNT (msntauth) / SMB (smb_auth) /
multi-domain-NTLM (smb_auth.pl) or winbind (wb_auth) is all different
variants of Basic HTTP authentication helpers allowing Squid to interact
with a Windows domain/network when verifying usernames. Each of these
uses sligly different approaches on how to connect to the Windows
network.

  msntauth uses a internal copy of smblib to verify a username+password.
  smb_auth uses smbclient from Samba. Can also restrict the list of
allowed users based on file permissions on a NT server.
  smb_auth.pl also uses the perl module Authen::Smb
  wb_auth uses winbind

The winbind Basic HTTP authentication helper is technically superior
compared to the others, but winbind is a still bit more complex to
install than the other approaches (hence the long FAQ entry on winbind).

In addition to this Squid also supports the NTLM authentication scheme
with its helpers: SMB (ntlm_auth), winbind (wbntlm_auth). These should
not be confused with their Basic HTTP authentication helpers with
similar names. The NTLM authentication scheme is what microsoft calls
"Integrated login", and allows users of MSIE who are already logged on
to the domain on their desktop access to the proxy as the same user
without having to login again.

There is also some (1) helper for the Digest authentication scheme which
is a reasonably secure authentication scheme for HTTP, but due to design
it cannot as easily integrate with standard user directories as the
cache server never receives the user password..

Regards
Henrik

Arno_STREULI@ca-indosuez.ch wrote:

> I need some clear information what is the main difference between NTLM, SMB and
> MSNT authentication ?
>
> I'm trying to setup the authentication transparently for a multi-domain NT, but
> their is nothing realy clear on how to do it. It's said that I have to use
> winbind for smb and ntlm, ok, what about msnt ?
> If I look FAQ, I have to install ton of software copy include file here, make
> software their, but at the and their is nothing who let me know what I need to
> do for a multidomain environement and what is a good authentication to use (why
> SMB/ntlm why not msnt).
>
> Thakns for the help if you can.
>
> Regards,
>
> Arno
>
> ******************************************************************
> DISCLAIMER - E-MAIL
> -------------------
> The information contained in this E-Mail is intended for the named
> recipient(s). It may contain certain privileged and confidential
> information, or information which is otherwise protected from
> disclosure. If you are not the intended recipient, you must not
> copy,distribute or take any action in reliance on this information
> ******************************************************************
Received on Mon Nov 25 2002 - 16:26:02 MST