Re: [squid-users] Squid options for Secure Authentication

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Wed, 22 Jul 2009 08:28:20 +0200

fre 2009-07-17 klockan 14:23 -0400 skrev Mike Diggins:

> I've been asked to investigate eliminating the Basic authentication option
> due to the obvious security risks (I need to maintain NTLM though). After
> some brief reading, it appears that Digest Authentication might work. Can
> I use Digest Authentication against Winbind like I do now?

Unfortunately not. winbind do not expose the Digest authentication
scheme, even if you should configure your AD domain to support it (by
default disabled in AD, and enabling it requires everyone to reset their
password once enabled).

And it won't be a single-sign-on solution even if the account & password
is the same. In theory it could be, but Microsoft has not implemented
single sign on when using Digest.

> Also, is the
> Digest Authentication supported by most modern browsers (Windows and MAC
> versions)?

Yes.

But there is still related applications & plugins which only supports
Basic or perhaps NTLM.

Regards
Henrik
Received on Wed Jul 22 2009 - 06:28:31 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 23 2009 - 12:00:04 MDT