RE: [squid-users] RE: Re: Using LDAP Authentication with Windows 2003 Domain from Brian E. Conklin on 2005-11-03 (squid-users)

From: Brian E. Conklin <bconklin@dont-contact.us>
Date: Thu, 3 Nov 2005 12:03:46 -0800

> -----Original Message-----
> From: news [mailto:news@sea.gmane.org] On Behalf Of Adam Aube
> Sent: Thursday, November 03, 2005 11:50 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] RE: Re: Using LDAP Authentication with
> Windows 2003 Domain
>
>
> Derrick MacPherson wrote:
>
> > Is there an advantage to using LDAP and not using ntlm_auth?
>
> LDAP is simpler to setup and uses less system and network
> resources, as well
> as working readily with all browsers (on all platforms) that support
> authentication.
>
> NTLM authentication requires a full Samba install joined to
> the domain, is
> more resource intensive, breaks the HTTP protocol, and only provides a
> significant benefit with Internet Explorer on Windows (because
> authentication is transparent).

So by moving to LDAP authentication performance would be gained but
my users will be prompted each time they start their browser for user
name and password?

One of the great advantages for non-technically minded end users is
the transparent authentication.

>
> Yes, some versions of Mozilla do work with NTLM, but the user
> still needs to
> enter their username and password - NTLM is then used for the exchange
> between the browser and the proxy.
>
> Adam
>
>
===================================

Mason General Hospital
901 Mt. View Drive
PO Box 1668
Shelton, WA 98584
http://www.masongeneral.com
(360) 426-1611
===================================

This message is intended for the sole use of the individual and entity
to whom it is addressed and may contain information that is privileged,
confidential and exempt from disclosure under applicable law. If you
are not the addressee nor authorized to receive for the addressee, you
are hereby notified that you may not use, copy, disclose or distribute
to anyone this message or any information contained in the message. If
you have received this message in error, please immediately notify the
sender and delete the message.

Replying to this message constitutes consent to electronic monitoring
of this message.

Thank you.
Received on Thu Nov 03 2005 - 13:05:00 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:09 MST