On Tue, 2006-12-12 at 05:29 +0100, Henrik Nordstrom wrote:
>
> In theory it may be possible to use Samba ntlm_auth without an ADS
> setup.
Yeah, I had wondered too if ntlm_auth could be used with Samba
configured to use either PAM locally, which would use kerberos or if
Samba had any direct kerberos support in it (doubtful). Doesn't
ntlm_auth with spnego need samba >-4 though?
> But I don't know if it will work or how one configures Samba for
> such setups.
Indeed. Certainly if one has Samba already configured and in use, it
would hopefully not be much more, but to install and configure Samba
just for squid is a bit much -- I suppose if one really wants SSO
though.
But my suggestion of using ntlm_auth was not so much in it's binary form
but as a source of SPNEGO handling. IIUC, ntlm_auth takes the SPNEGO
blob from the client via squid and unpacks it and does the NTLM auth
with the MS Goop(tm) doesn't it?
b.
-- My other computer is your Microsoft Windows server. Brian J. Murrell
This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST