Configuring integration of the Squid service with Active Directory

To manage user access to web resources based on domain security policies, you must set up integration of the Squid service with Active Directory.

Integration with Active Directory lets you use the following application functionality:

• Add Active Directory users as initiators of traffic processing rule triggering.
• Assign roles to users based on their domain accounts.

You can use the following authentication mechanisms:

• Kerberos authentication

  Mechanism for mutual authentication of client and server before establishing a connection, which allows to communicate over unprotected networks. The mechanism is based on using a ticket that is issued to the user by an authentication center.

• NTLM authentication

  Authentication mechanism based on authenticating the server's request and the client's response. The request and response are encrypted with hashes of the use password, which are transmitted over the network. If network traffic is intercepted, attackers can gain access to password hashes, which makes this mechanism less robust than Kerberos authentication.

• Basic authentication.

  Authentication mechanism involving sending the user name and password in unencrypted form to the server for verification.

It is recommended to use Kerberos authentication because it is the most robust mechanism. NTLM and Basic authentication can let an attacker access user passwords by intercepting network traffic.

In this Help section Configuring Kerberos authentication Configuring NTLM authentication Configuring Basic authentication

Page top