
Re: Re[10]: [suse-security] Squid Update ?



On Tuesday, 28 October 2003 17:13, André Sänger wrote:
> Hello Markus,
>
> Tuesday, October 28, 2003, 4:56:27 PM, you wrote:
> > Right. Because only IE is able to send NTLM (or ADS) auth.
> > what a pity, hm?
> > Better is: Open LDAP Server - Single Sign on solution, incl
> > Firewall, Mail and all that you can imagine.
>
> But how do I get a single sign on to the squid proxy then (taken that
> the clients stay NT4 Workstations)? Wouldn't I still have to use
> NTLM?

Not necessarily. LDAP helps. In a different solution we do that by
activating (per-user, per-client, per-client-ip) specific iptables
rules (also stored in the LDAP directory) after a successful login to our
LDAP server. So we can exactly control what Mr A is allowed to do on
machine B with operating system C under circumstances D and so on...
(and not only squid... ;-)
That's probably the best way I know, but I'm always open for
suggestions!
Other possible solutions are e.g. PAM or Samba auth for squid... I guess


> Is it possible to migrate an NT Domain to a Samba/Ldap SuSE Linux
> Server yet - without having to touch the clients? Can I replicate the
> accounts like NT PDC/BDCs do for the case the main Samba/LDAP Server
> goes down?
>
>
> --
> Best regards,
>  André                            mailto:Andre.Saenger@xxxxxx

-- 
Best regards
Markus Feilner
--
Linux Solutions, Training, Seminars and Workshops - also in-house
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23  - mobil: +49 170 302 709 2 
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here