[squid-users] ntlmssp: bad ascii: ffffffab (Lan Manager auth broken?)

Amos Jeffries squid3 at treenet.co.nz
Tue Oct 7 04:48:07 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7/10/2014 5:08 p.m., Victor Sudakov wrote:
> James Harper wrote:
>>> No, adding Basic is not an option because I will have to
>>> provide special "proxy passwords" to the users, or make them
>>> enter their Windows passwords by hand. This is highly
>>> undesirable. Once they logon into Windows, they must have (or
>>> not have) Web access transparently.
>>> 
>>> If you know how to achieve SSO with Basic auth, please share.
>>> 
>> 
>> I have a few idea's for out-of-band SSO, some of which I have
>> experimented with...
> 
> [dd]
> 
>> 
>> 3. some bastardisation of identd. I've posted before about this. 
>> Identd assumes that the destination server is asking "who owns
>> this connection" and so only gives port numbers because the IP is
>> assumed from the ident connection (I have patched squid to fake
>> the source address of the destination server so it works in
>> transparent mode). Ident also has some serious security
>> shortcomings, but they wouldn't be hard to solve. This new ident
>> protocol would need:
> 
> I even know/use a couple of identd services for Windows, 
> http://sourceforge.net/projects/retinascan/ is a good one.
> 
> The sad irony is that ident lookups are also broken in squid34
> (the ident code leaks memory).
> 

With a patch. http://bugs.squid-cache.org/show_bug.cgi?id=3803.
The upstream version is also in there awaiting feedback on whether it
works before being applied to stables.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUM3CHAAoJELJo5wb/XPRjMfIIAIXasQD+Y7WA6ldfsa7bEFTX
2L6nXtxREvNdQsAn3upELguGL4iiN9q79TNlzcM8mRdVft0KujUUsos6B63KXEMA
8N60hwEIWL6XKBwtX8eVZfGWrLnkClnIOeyi/bSqVxzgCxjeySMlnY5ROYreWpH7
YFk8WxPUZocksVwk60mgxcSI2qolJoLV8p/PT0Z6ZX9pDl+V3VkGEjAw+i2XlRLM
nJgumYUO2BwCq5QPoFnM6UuFVBS51TEWXraQ9o/Iq+3vmaka3RAFtV1ech3s6RsP
ZJQwuaEcz61O6qisyru5I2V6qbuhbsAyrMyE0r9Jmb+xyioz6xJsddEEG6m2scQ=
=X9cz
-----END PGP SIGNATURE-----


More information about the squid-users mailing list