ons 2003-03-05 klockan 15.20 skrev Scott Wrosch: > So, with that being said, is there any other encryption methods that > have no issues with proxies that can be used with IIS? Or, is there a > way (that you're aware of) in IIS to configure it so that if it's going > to the internal networks it uses basic authentication, but if it's > coming from the Internet, it uses NTLM (assuming the answer to the first > question is no)?
The standard HTTP Digest authentication scheme can be proxied just fine. It is only the MS invented hacks which can not.. You can also use SSL to encrypt the whole traffic if your Squid is running as an accelerator infront of some web servers, if having plaintext sent over the internet is a issue. For web servers via proxies SSL also solves the problems nicely, including allowing NTLM authentication via proxies (this is because SSL is not actually proxied, merely tunneled via the proxy), but SSL then have to be enabled on the web server. Note regarding Internet usage: Microsoft documentation clearly states that NTLM authentication SHOULD NOT be used over the Internet. The reasons for this is many.. -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
