Problem:
- Intranet Windows-base infrastructure
- Proxy server to get the Internet
- Proxy server require NTLM-base authentication
- Intranet security policy to change password on schedule basis
- My OS - Unix/Ubuntu
Situation #1:
Proxy configuration needs to be defined in several places within the OS
While changing password on schedule basis, local definitions must be changed as well.
Well annoying, you know ))
If some local definitions were skipped to be modified, proxy server account can be locked by security policy
Situation #2:
Not all web clients can store proxy username and passwords, so they asks for them at any new Web session. Quite annoying as well ))
Failed Solution:
Local proxy server based on tinyproxy. Tinyproxy can transfer connection to other proxy server, but can't to authenticate to it
Success Solution:
Local proxy server based on CNTLM.
Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world.
So once you're behind those cold steel bars of a corporate proxy server requiring NTLM authentication, you're done with. The same even applies to 3rd party Windows applications, which don't support NTLM natively.
It support both Unix/Windows systems and can be found under Ubuntu package repository.
Configuration is pretty simple. Just setup proxy credentials and Listen port in the /ets/cntlm.conf
References:
http://cntlm.sourceforge.net/
http://en.wikipedia.org/wiki/NTLM
http://en.wikipedia.org/wiki/Tinyproxy
0 comments:
Post a Comment