On Tue, 15 Mar 2011 14:20:03 -0500, Oscar Andrés Eraso Moncayo wrote:
> As I do so that users are not authenticated by dansguardian and
> access directly to the Internet,
> I have problems with dansguardian and authentication in Web
> applications with Java.
> ntlm_smb_lm_auth I use for user authentication.
>
> I add the next lines in the squid.conf for exclude users of
> authentication,
> acl no_auth src ipuser
> http_access allow no_auth
> and works well with squid, but I need to exclude the ipuser in
> dansguardian,
>
Yes you do.
Also, please read this:
http://www.zdnet.com/blog/security/security-flaws-haunt-ntlmv1-2-challenge-response-protocol/7136
Scared? Hopefully you are, the ntlm_smb_lm_auth helper is an exploit
for that vulnerability.
Any modern system (circa 1998) which successfully logs into your proxy
is badly vulnerable to attack.
Please at least use ntlm_auth by the Samba project or upgrade the whole
way to Kerberos.
Amos
Received on Wed Mar 16 2011 - 01:42:32 MDT
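
The two points raised in this thread (a source-address ACL that skips authentication, and the ntlm_smb_lm_auth helper) can be checked mechanically in a squid.conf. The script below is an added example, not part of the original messages or of Squid itself; the sample configuration, helper path, domain string and address 192.0.2.10 are constructed placeholders.

```python
import os

# Constructed sample squid.conf (address and paths are placeholders).
SAMPLE_CONF = """\
auth_param ntlm program /usr/lib/squid/ntlm_smb_lm_auth EXAMPLE/dc1
auth_param ntlm children 5
acl no_auth src 192.0.2.10
acl authed proxy_auth REQUIRED
http_access allow no_auth
http_access allow authed
http_access deny all
"""

WEAK_HELPERS = {"ntlm_smb_lm_auth"}          # helper named in the thread
AUTH_ACL_TYPES = {"proxy_auth", "proxy_auth_regex"}

def audit(conf_text):
    """Return (weak_helpers, unauthenticated_allows) found in conf_text."""
    acl_type = {}            # ACL name -> ACL type
    weak, bypass = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(tok) < 3:
            continue
        if tok[0] == "acl":
            acl_type.setdefault(tok[1], tok[2])
        elif tok[0] == "auth_param" and tok[2] == "program" and len(tok) > 3:
            if os.path.basename(tok[3]) in WEAK_HELPERS:
                weak.append((lineno, tok[1], tok[3]))
        elif tok[:2] == ["http_access", "allow"]:
            names = [n.lstrip("!") for n in tok[2:]]
            # An allow rule with no proxy_auth ACL never asks for credentials.
            if not any(acl_type.get(n) in AUTH_ACL_TYPES for n in names):
                bypass.append((lineno, names))
    return weak, bypass

if __name__ == "__main__":
    weak, bypass = audit(SAMPLE_CONF)
    for lineno, scheme, path in weak:
        print(f"line {lineno}: {scheme} scheme uses legacy helper {path}")
    for lineno, names in bypass:
        print(f"line {lineno}: allow without authentication via {names}")
```

Every rule reported in the second list is a path through the proxy that carries no user identity, so it should be reviewed alongside the helper change.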