# #######
# Negotiate
# #######
# http://wiki.squid-cache.org/Features/Authentication
# http://wiki.squid-cache.org/Features/NegotiateAuthentication
auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego --configfile /etc/samba/smb.conf-squid
auth_param negotiate children 10 startup=0 idle=1
auth_param negotiate keep_alive on

# #######
# NTLM AUTH
# #######
# ntlm auth
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --configfile /etc/samba/smb.conf-squid
auth_param ntlm children 10
#auth_param ntlm children 10 startup=0 idle=1
#auth_param ntlm keep_alive

# #######
# NTLM over basic
# #######
# warning: basic authentication sends passwords plaintext
# a network sniffer can and will discover passwords
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --configfile /etc/samba/smb.conf-squid
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

On 2 September 2015 at 11:15, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 2/09/2015 11:50 a.m., Alex Samad wrote:
>> Hi
>>
>> I have squid setup to use
>> NTLM and then fall back to basic.
>>
>> when it fails back to basic, my user put in
>>
>> firstname.surname@a.b.c which fails.
>>
>> if they put in firstname.surname it works
>>
>> is there some way to get squid to strip off the @<.*>
>
> That depends on which helper you are using to validate the Basic auth
> credentials. The ones which support it do so via a command line
> parameter. So check our helpers documentation to see if one exists to
> strip Kerberos/NTLM/Domain.
>
> Otherwise you can always script a helper for yourself.
>
>>
>> also is there some way to change the info in the dialogue box that pops up
>
> The only controllable part of the popup dialog is the Realm value. Set
> by the auth_param directive's "realm" parameter.
>
> IIRC the realm is usually turned into the title bar, though some
> browsers show it in quotes in the text. The form and display of the
> popup is fixed and not manipulatable by any external server for security
> reasons that should be obvious.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
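The "script a helper for yourself" option from the reply above, as an added example (not code from the thread or from the Squid project): a Basic-auth wrapper that drops the @realm suffix and hands the request to the ntlm_auth command from the posted config. Assumptions: helper concurrency is 0 (no channel-ID prefix on request lines), and ALLOWED_REALMS is a hypothetical allowlist holding the "a.b.c" placeholder from the question, so a name under any other realm is rejected rather than mapped onto a local account.

```python
#!/usr/bin/env python3
# Added example: Squid Basic-auth helper wrapper (not from the thread).
import subprocess
import sys
from urllib.parse import quote, unquote

# Backend command copied from the "NTLM over basic" section of the posted config.
BACKEND = ["/usr/bin/ntlm_auth", "--helper-protocol=squid-2.5-basic",
           "--configfile", "/etc/samba/smb.conf-squid"]
# Assumption: realms whose "@suffix" may be dropped; "a.b.c" is the placeholder from the post.
ALLOWED_REALMS = {"a.b.c"}


def rewrite_line(line):
    """Map 'user@realm password' to 'user password'; return None to reject."""
    fields = line.rstrip("\r\n").split(" ")
    if len(fields) != 2:          # Squid sends exactly two URL-encoded fields
        return None
    user, password = unquote(fields[0]), fields[1]
    if "@" in user:
        user, realm = user.rsplit("@", 1)
        # Refuse foreign realms instead of silently mapping them to a local account.
        if realm.lower() not in ALLOWED_REALMS:
            return None
    if not user or any(ord(c) < 0x20 for c in user):
        return None
    # Re-encode so spaces or '%' in the name cannot split the backend's input line.
    return quote(user, safe="") + " " + password


def main():
    backend = subprocess.Popen(BACKEND, stdin=subprocess.PIPE,
                               stdout=subprocess.PIPE, text=True, bufsize=1)
    for line in sys.stdin:
        rewritten = rewrite_line(line)
        if rewritten is None:
            reply = "ERR"
        else:
            backend.stdin.write(rewritten + "\n")
            backend.stdin.flush()
            reply = backend.stdout.readline().strip() or "ERR"
        sys.stdout.write(reply + "\n")
        sys.stdout.flush()        # Squid waits for one reply line per request


if __name__ == "__main__":
    main()
```

To use it, the "auth_param basic program" line would name this script, at whatever path it is installed, in place of the direct ntlm_auth call.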