Appendix 2. Configuring integration of the Squid service with Active Directory

Active Directory integration lets you add Active Directory users as initiators of traffic processing rule triggering.

The provided instructions on configuring the Squid service are applicable if Kaspersky Web Traffic Security was installed from an RPM or DEB package to a ready-to-use operating system. If Kaspersky Web Traffic Security was installed from an ISO file, configuration files for the built-in proxy server cannot be manually changed.

You can use the following authentication mechanisms:

• Kerberos authentication

  Mechanism for mutual authentication of client and server before establishing a connection, which allows to communicate over unprotected networks. The mechanism is based on using a ticket that is issued to the user by an authentication center.

• NTLM authentication

  An authentication mechanism that works through requests/responses between the server and the client without transmitting the user's password as plaintext over the network. The request and response are encrypted with hashes of the use password, which are transmitted over the network. If network traffic is intercepted, attackers can gain access to password hashes, which makes this mechanism less robust than Kerberos authentication.

• Basic authentication

  Authentication mechanism involving sending the user name and password in unencrypted form to the server for verification.

It is recommended to use Kerberos authentication because it is the most robust mechanism. NTLM and Basic authentication can let an attacker access user passwords by intercepting network traffic.

In this Help section Configuring Kerberos authentication Configuring NTLM authentication Configuring Basic authentication

Page top