[squid-users] AD Ldap (automatically take the user that is logging on PC)
Amos Jeffries
squid3 at treenet.co.nz
Thu Aug 18 04:45:54 UTC 2016
On 18/08/2016 12:11 p.m., brendan kearney wrote:
> You want Kerberos and/or NTLM authentication for Single Sign On.
That is a myth. SSO is simply a way of building the system so that the
credentials used for machine login work when sent to the proxy and other
services. If you don't build the system right even NTLM wont work as SSO.
It is up to the browser to send the credentials it can find using the
appropriate authentication scheme for any receiving services (ie the proxy).
NTLM and Kerberos take the Windows login credentials without translating
them. So "work" without fancy browser translation being needed is all.
IIRC, there is a setting somewhere called "Use Windows Integrated
Authentication" that sometimes has to be enabled for SSO to work with
non-Microsoft designed authentication schemes.
Amos
More information about the squid-users
mailing list