On Fri 2003-04-04 at 15:20, Craig Home wrote:

> Henrik,
>
> Thanks for the response - not sure if I can use NTLM in Active Directory
> native mode hence why I was looking down the LDAP route.

It depends on some other flag. I don't remember offhand what. Guido wrote a good explanation a month or two ago on squid-users.

> Out of interest, just for myself - say I wasn't running Active Directory and
> had a different LDAP server - would I still need to authenticate when
> accessing any internet resources or is it possible to get fully integrated
> ldap access with something like Mozilla on Linux?

You would need to manually authenticate.

The issue is a trust issue. Your desktop (including browser) does not automatically trust the proxy with your personal login and password.

Maybe some day in the future, when Kerberos or another distributed trust login system becomes commonly used, there will be a standard for how to forward user credentials in a secure manner. Until then we have to live with multiple logins, I am afraid.

As of today only the Microsoft Integrated Login schemes (NTLM and NEGOTIATE) provide such functionality, neither of which is documented by Microsoft much beyond "a binary blob of unspecified data is exchanged between the Microsoft client and the Microsoft Server", and both of which fit extremely badly in the context of HTTP, to the point that they even violate fundamental aspects of the HTTP specification and break down with standards-compliant proxies.

Regards
Henrik

--
Free Squid-users support provided by Henrik Nordström <[EMAIL PROTECTED]>

PayPal donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org&cn=Comment

If you need commercial Squid support or cost effective Squid and firewall
appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
