DansGuardian Documentation Wiki

You are here: Main Index » user_identification_methods


|

Wiki Information

Differences

This shows you the differences between the selected revision and the current version of the page.

user_identification_methods 2010/03/23 22:59 user_identification_methods 2010/03/23 23:00 current
Line 419: Line 419:
It's seemingly __not__ possible to make DansGuardian //directly// support Kerberos authorization/identification. Trying to extend DansGuardian with an auth plugin to provide direct Kerberos support would run afoul of the same problem that explains why no such plugin is provided with DansGuardian. The problem is that in the exchange, the Kerberos credentials are so heavily encrypted that DansGuardian cannot extract even a username. The usual //indirect// solution instead is to use BASIC authentication between browsers and DansGuardian/Squid, and then have Squid use LDAP to verify those already known plain text credentials with the Kerberos service. It's seemingly __not__ possible to make DansGuardian //directly// support Kerberos authorization/identification. Trying to extend DansGuardian with an auth plugin to provide direct Kerberos support would run afoul of the same problem that explains why no such plugin is provided with DansGuardian. The problem is that in the exchange, the Kerberos credentials are so heavily encrypted that DansGuardian cannot extract even a username. The usual //indirect// solution instead is to use BASIC authentication between browsers and DansGuardian/Squid, and then have Squid use LDAP to verify those already known plain text credentials with the Kerberos service.
- 
===== =====
<note>Although direct NTLM support has been available <note>Although direct NTLM support has been available
in the 2.9/2.10 series of DansGuardian since early 2006 in the 2.9/2.10 series of DansGuardian since early 2006
(and direct Digest support for quite a while), (and direct Digest support for quite a while),
-the vast majority of available documentation still does not reflect it.+much available documentation still does not reflect it.
It's unfortunately still very common to find HowTo's It's unfortunately still very common to find HowTo's
-that mis-state that the way to get +that //mis-state// that the way to get
NTLM support (or Digest support) in DansGuardian NTLM support (or Digest support) in DansGuardian
is with the "sandwich" configuration.</note> is with the "sandwich" configuration.</note>