Appendix 2. Configuring integration of the Squid service with Active Directory

Active Directory integration lets you add Active Directory users as initiators of traffic processing rule triggering.

You can use the following authentication mechanisms:

• Kerberos authentication

  Mechanism for mutual authentication of client and server before establishing a connection, which allows to communicate over unprotected networks. The mechanism is based on using a ticket that is issued to the user by an authentication center.

• NTLM authentication

  Authentication mechanism based on authenticating the server's request and the client's response. The request and response are encrypted with hashes of the use password, which are transmitted over the network. If network traffic is intercepted, attackers can gain access to password hashes, which makes this mechanism less robust than Kerberos authentication.

• Basic authentication.

  Authentication mechanism involving sending the user name and password in unencrypted form to the server for verification.

It is recommended to use Kerberos authentication because it is the most robust mechanism. NTLM and Basic authentication can let an attacker access user passwords by intercepting network traffic.

In this Help section Configuring Kerberos authentication Configuring NTLM authentication Configuring Basic authentication

Page top