[squid-users] Squid 2.7 STABLE8 (Win2008) can't get my MS Lync 2013 to work?

[Jason Haar]

On 08/10/14 12:17, Mirza Dedic wrote:
> 
> I did not want to uncomment the NTLM because we use this to provide
seamless
> authentication for the clients, if we only allow basic it will prompt for
> user/pass won't it?

The dodgy "invisibly tracking users without them knowing it" feature
that NTLM auth gives you only works for MSIE (all other browsers prompt
I think?) and is much slower than Basic. Yes Basic does prompt, but the
user can "save" the password (ie they only do it once) and is much
cleaner and more reliable (try running multi-domain NTLM where one of
the domains is a continent away). Basic is quicker because it's embedded
in the HTTP transaction on a 1-for-1 basis, whereas NTLM is 1-for-4 (I
think?). ie you have to make 4 HTTP requests before you get the webpage
when you use NTLM (ignoring keepalive)

The only downside (besides your users knowing you're tracking them...)
is that Basic is cleartext - so sniffers can see the passwords. However,
if it's on a corporate network, that shouldn't be a problem (else you're
doing it wrong ;-)

I prefer Basic specifically because it *does* mean the users know you're
tracking them: that means they're less likely to go to dodgy sites/etc
on company time :-)


-- 
Cheers

Jason Haar

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141008/bad7e184/attachment.html>