Re: [squid-users] Security of NTLM authentication

From: Leonardo Rodrigues <leolistas_at_solutti.com.br>
Date: Wed, 03 Jun 2009 10:39:30 -0300

Guido Serassio wrote:
>
> Just some more explanation here:
>
> There are two flavors of NTLM: V1 (the windows 9x version) and V2.
> Squid is able to use both, but V2 is more secure.
>
> On the Kerberos side, you need the "negotiate" authentication schema,
> but there are some requirements to meet:
> Browser:
> - Internet Explorer 7.0 or later
> - Firefox 1.5 or later
> OS:
> - Windows 2000 or later
>
> So on Windows 2000 you can use Negotiate with Firefox only, while on
> XP/2003 you need to install at least IE7 or Firefox.
>

    Hi Guido,

    Thanks for the extra information.

    Is it possible to configure squid to use only NTLM v2? I'm actually
doing the basic:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param ntlm keep_alive on
external_acl_type ad_group ttl=1800 children=50 %LOGIN /usr/bin/wbinfo_group.pl

-- 
	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br
	gertrudes_at_solutti.com.br
	My SPAMTRAP, do not email it
Received on Wed Jun 03 2009 - 13:46:44 MDT