[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re: [suse-security] Squid Update ?
Am Dienstag, 28. Oktober 2003 17:13 schrieb André Sänger:
> Hello Markus,
> Tuesday, October 28, 2003, 4:56:27 PM, you wrote:
> > Right. Because only IE is able to send NTLM (or ADS) auth.
> > what a pity, hm?
> > Better is: Open LDAP Server - Single Sign on solution, incl
> > Firewall, Mail and all that you can imagine.
> But how do I get a single sign on to the squid proxy then (taken that
> the clients stay NT4 Workstations)? Wouldn´t I still have to use
Not necessarily. Ldap helps. In a different solution we do that by
activating (per-user, per-client, per-client-ip) specific iptables
rules (also stored in ldap directory) after a successul login to our
ldap server. So we can exactly control what Mr A is allowed to on
machine B with operating system C under circumstances D and so on...
(and not only squid... ;-)
That's probably the best way I know, but I'm always open for
Other possible solutions are e.g. pam or samba auth for squid... i guess
> Is it possible to migrate an NT Domain to a Samba/Ldap SuSE Linux
> Server yet - without having to touch the clients? Can I replicate the
> accounts like NT PDC/BDCs do for the case the main Samba/LDAP Server
> goes down?
> Best regards,
> André mailto:Andre.Saenger@xxxxxx
Mit freundlichen Grüßen
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23 - mobil: +49 170 302 709 2
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here