RE: [squid-users] Squid, ISA and Sharepoint

From: Dwyer, Simon <sdwyer@dont-contact.us>
Date: Tue, 19 Feb 2008 08:28:04 +1100

This is the kind of information and insight I was after. Thanks for the
ideas guys :)

Simon.

-----Original Message-----
From: Kinkie [mailto:gkinkie@gmail.com]
Sent: Monday, 18 February 2008 5:38 PM
To: Adrian Chadd
Cc: Dwyer, Simon; squid-users@squid-cache.org
Subject: Re: [squid-users] Squid, ISA and Sharepoint

On Feb 18, 2008 7:37 AM, Adrian Chadd <adrian@creative.net.au> wrote:
> On Mon, Feb 18, 2008, Dwyer, Simon wrote:
>
> > I believe they want to authenticate twice but I do not really see the
> > point.
> > They will have to authenticate with the sharepoint no matter what
> > happens.
> >
> > Is it possible to get squid to authenticate a user using Active
> > Directory while reverse proxying?
>
> I'm not sure if Squid can do NTLM authentication as an origin server.
> I know it can just pass through the requests and let the sharepoint server
> do authentication.
>
> Henrik? Robert? Kinkie?

It should work just fine, there's nothing in the code that I remember
preventing it. The only way to be sure is "just trying" :)

Authenticating in NTLM over the Internet however is, in my opinion,
pointless and even dangerous - even Microsoft recommends against it
(or at least used to).
It allows anyone on the Internet to mount a wide range of DOS attacks
against AD - I'm not talking about a performance DOS, what I'm
referring to is the possibility to lock one (or all) users out of
logging on their PC.

-- 
    /kinkie
Received on Mon Feb 18 2008 - 14:28:22 MST
