I've been running squid-2.6.STABLE20 for a long time using a combination
of NTLM authentication, and Basic authentication for those that can't use
NTLM. My back end authenticator is Winbind to a Windows Domain. That's
been working very well.
I've been asked to investigate eliminating the Basic authentication option
due to the obvious security risks (I need to maintain NTLM though). After
some brief reading, it appears that Digest Authentication might work. Can
I use Digest Authentication against Winbind like I do now? Also, is the
Digest Authentication supported by most modern browsers (Windows and MAC
versions)?
My Squid authentication configuration is:
#
auth_param ntlm program /usr/local/squid/sbin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 40
auth_param ntlm keep_alive on
#
auth_param basic program /usr/local/squid/sbin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 1 hours
-Mike
