ons 2003-03-05 klockan 15.20 skrev Scott Wrosch:
> So, with that being said, is there any other encryption methods that
> have no issues with proxies that can be used with IIS? Or, is there a
> way (that you're aware of) in IIS to configure it so that if it's going
> to the internal networks it uses basic authentication, but if it's
> coming from the Internet, it uses NTLM (assuming the answer to the first
> question is no)?
The standard HTTP Digest authentication scheme can be proxied just fine.
It is only the MS invented hacks which can not..
You can also use SSL to encrypt the whole traffic if your Squid is
running as an accelerator infront of some web servers, if having
plaintext sent over the internet is a issue.
For web servers via proxies SSL also solves the problems nicely,
including allowing NTLM authentication via proxies (this is because SSL
is not actually proxied, merely tunneled via the proxy), but SSL then
have to be enabled on the web server.
Note regarding Internet usage: Microsoft documentation clearly states
that NTLM authentication SHOULD NOT be used over the Internet. The
reasons for this is many..
-- Henrik Nordstrom <hno@squid-cache.org> MARA Systems AB, SwedenReceived on Wed Mar 05 2003 - 13:19:57 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:56 MST