<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#464646" bgcolor="#FFFFFF">
<font face="Arial">Hi<br>
<br>
What we are looking for is to retrieve a "user" token without
having to ask anything from the user.<br>
That's why we're looking at Active Directory credentials.<br>
Once the user account is retrieved, a helper would be in charge of
checking if the user exists in the LDAP database.<br>
This is to avoid any connection to an Active Directory<br>
Maybe this is impossible<br>
<br>
</font><br>
<div class="moz-cite-prefix">Le 10/02/2022 à 05:03, Amos Jeffries a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:b7a0ecf7-09d5-120a-fa96-c30cdf3592e4@treenet.co.nz">On
10/02/22 01:43, David Touzeau wrote:
<br>
<blockquote type="cite">Hi
<br>
<br>
I would like to sponsor the improvement of ntlm_fake_auth to
support new protocols
<br>
</blockquote>
<br>
ntlm_* helpers are specific to NTLM authentication. All LanManager
(LM) protocols should already be supported as well as currently
possible. NTLM is formally discontinued by MS and *very*
inefficient.
<br>
<br>
NP: NTLMv2 with encryption does not *work* because that encryption
step requires secret keys the proxy is not able to know.
<br>
<br>
<blockquote type="cite">or go further produce a new
negotiate_kerberos_auth_fake
<br>
<br>
</blockquote>
<br>
With current Squid this helper only needs to produce an "OK"
response regardless of the input. The basic_auth_fake does that.
<br>
<br>
Amos
<br>
_______________________________________________
<br>
squid-users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
<br>
</blockquote>
<br>
</body>
</html>