Jakob Curdes escreveu:
> Troy wrote:
>> Everything I have read says you have to bypass the
>> proxy to access an NTLM enabled website. I just want to verify
>> this is still the case.
>>
> This is not a squid problem but a limitation of the NTLM protocol
> which was not designed to work through a proxy.
> This protocol needs a direct end-to end connection. I think I remember
> a discussion how it is possible to circumvent this but to my knowledge
> no real solution nor a workaround has been proposed.
>
> One could put it another way round: it is not a good idea to use NTLM
> on a publicly accessible website, on the one hand because the website
> will not be accessible from inside many corporate networks, on the
> other hand because NTLM has a lot of security implications and
> limitation when run on a publicly accessible server.
We discussed this a few days ago. Basically squid 2.6 and squid 3.0
can do NTLM site authentication just fine. If you cannot authenticate to
your NTLM authentication enabled site, just upgrade to squid 2.6 or
squid 3.0. There's no need for special configuration regarding NTLM
thing ... it simply works.
Yes I do agree that it may not be the smartest idea to use NTLM
authentication on a publically available site. But for us, squid admins,
simply using squid 2.6/3.0 solves this problem and enables NTLM
authentication sites to work properly.
-- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertrudes@solutti.com.br My SPAMTRAP, do not email it
This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST