On Sat, 2004-10-23 at 05:03, John H Terpstra wrote: > On Friday 22 October 2004 10:49, Palle Girgensohn wrote: > > Hi! > > > > I don't use MS products at all, so I have very little knowledge with them, > > but I believe Microsoft has as protocol where Internet Explorer can > > automatically authenticate against an IIS server, and given that the server > > and client are on the same NT domain, and the client user is logged in to > > that domain, the user is automatically logged in without the need to give > > away the password one more time to the webserver. > > Squid + ntlm-auth can handle the SPNEGO protocol.
Sorry, Squid only handles NTLMSSP. SPNEGO is not defined for HTTP proxies, but it's guessed that Microsoft will eventually implement it, and I hope to get Mozilla/Squid there first (it would dramatically decrease the authentication load on a proxy). > If you want this from Apache > you should check out www.vintela.com. For NTLMSSP, which is all you need in the intranet, then my preference is mod_ntlm_winbind: http://download.samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/ I have SPNEGO support there too, and by hook or by crook, we will have a Samba helper to support this shortly (I have some work commitments that require it). This may be by means of Samba4 or work on the more cludgy Samba3 SPNEGO helper (both are exposed via ntlm_auth). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
