[plug] [OT] XP Remote

[Craig Ringer]

Jay Turner wrote:
> Craig Ringer Wrote:
> 
>>Anyway, if you're running a windows network you can do all sorts of
>>magic with using NTLM-auth proxies to impose per-userid QoS for any host
>>on the domain, right? (Aside: The same could be done by using kerberos
>>to authenticate with squid or aother proxy. Anybody know if this is
>>supported by any browsers or proxies?).
> 
> You can use Squid with the Samba Winbind helper to have Squid authenticate
> users against an ADS or standard domain (Samba3 supports Kerberos which is
> required if connecting to a Win2003 Server). Only IE 5.5+ supports NTLM
> 'transparent' user credentials being passed from the browser to the proxy.
> All other browsers will use basic authentication resulting in an input box
> being displayed on the screen and the user details being sent clear text
> from the browser to the proxy.

OK. So currently what I'm thinking of is not availible. I wasn't able to 
find anything about it on Google either.

I don't need it here, but may in future. Essentially, I'd like to be 
able to set things up so that the browser uses Kerberos to authenticate 
with the proxy, so the proxy can make per-userid policy decisisons 
without requiring an extra user-visible authentication stage. Much like 
NTLM under Windows, in fact.

If the browser support for using Kerberos to authenticate with the proxy 
doesn't exist, though, that won't really do any good.

Regarding browser support, I'm pretty sure that recent Mozilla and 
Firefox versions also support NTLM for authentication with a Windows proxy.

--
Craig Ringer