Re: NT Authentication

["Joseph S. D. Yao" <jsdy () cospo osis gov>]

> I have been asked a few times recently to specify a proxy which can get
> Authentication from an NT domain.  This seems to be sites which are
> using DHCP.
>
> I often like to specify a FW which has an internal proxy where the
> site admin team can control the insides clients Internet access.  This
> means they can make all the changes for individual users and don't have
> to go near the FW.  In the past I have used Wingate and IP's but more
> and more sites seem to want this authentication to come from an NT
> domain ala M$ Proxy server I guess.
>
> Being no genius on NT I wondered if anyone has any other product
> suggestions, alternative ways of doing this etc.  Any actual
> experiences with Microsofts proxy would be good too - I think we all
> know how dubious the security is, the management possibilities seem
> useful though.

I know the people working on the [new! improved!] Linux port+ of PAM
were trying to put together an NT authentication module that worked
under all hosts to which PAM [Pluggable Authentication Modules, OSF RFC
86.0, AKA XSSO - X/Open Single Sign-On Service] had been ported.  I've
lost track of their progress on this.  Cf.
        <URL: http://www.kernel.org/pub/linux/libs/pam/>.

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-A/B
-----------------------------------------------------------------------
        PLEASE ... send or Cc: all "COSPO/OSIS Computer Support"
                     mail to sys-adm () cospo osis gov
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.