On 27/06/17 12:06, Todd Pearson wrote:
I am hosting the squid proxy on Windows 2K12 server. Squid 2.7.STABLE8
Squid Web Proxy version worked well for authentication until recent
Windows 10 update killed Sha1. Now I am upgrading to squid proxy
version 3.5.x.x to restore authentication.
FYI: upgrading to Squid-3 will not solve that problem by itself. The
helpers in both Squid series are performing the same logic, with the
same crypto limitations.
The core problem is that NTLM protocol itself is not capable of anything
actually considered secure these days. It was declared EOL by MS more
then 11 years ago, so loss of NTLM related things in Win10 is hardly a
surprise.
To solve your auth problem what you need is actually a migration to
Kerberos authentication (Negotiate auth). You might find that slightly
easier after the Squid-3 upgrade, but the two are really independent
changes.
The below settings are longer available in the 3.5.x.x version since the
progams do not exist for the new version:
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
external_acl_type win_domain_group %LOGIN
c:/squid/libexec/mswin_check_ad_group.exe -G
What are the equivalent setting for v 3.5. Once again I am in windows
environment.
The helpers still exist, they just got renamed to follow a structured
taxonomy:
<http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html#ss2.6>
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
