Firewall Wizards mailing list archives

RE: NT Authentication


From: "Stout, Bill" <StoutB () pios com>
Date: Fri, 09 Oct 1998 19:53:10 -0400


Note that once you travel down the MS-CHAP path, Netscape either won't work
or if it does happen to, becomes non-transparent (username/password
required).  The bloated version of IE (4.x) is also required, and is a
version most NT folk have successfully avoided until now.  The whole CHAP
thing adds another nail to non-MS products in the office.  If this sounds a
bit sour, it's because the I.S. guys just did this to our net last night,
and much access slowed or stopped working.

For the long term, I'd recommend waiting for a product that has universal
authentication, not proprietary.  IMNSHO, this is another sly move by the
borg to lock in users.  For non-MS browsers, outbound authentication via an
NT domain\username/password is supposed to work.  Note that most sites don't
use outbound authentication because it's a P.I.T.A.  That clues you in on
the future use of non-MS browsers behind an MS-CHAP proxy.  

As a techy type, I have an NT domain that constantly morphs, so it's not
part of the corporate domain.  In order to be part of the blessed domain, my
systems would be sent in to corporate and reloaded fresh...with W95, IE 4.0
and PC-duo.  My laptop runs NT server, Netscape, and a collection of
demonstration tools.  Therefore, if I want to view all those interesting
ideas and startups out there, dial-out access for me.

Bill Stout


----- Original Message -----
Hi,

I have been asked a few times recently to specify a proxy which can get
Authentication from an NT domain.  This seems to be sites which are
using DHCP.

I often like to specify a FW which has an internal proxy where the
site admin team can control the inside clients' Internet access.  This
means they can make all the changes for individual users and don't have
to go near the FW.  In the past I have used Wingate and IP's but more
and more sites seem to want this authentication to come from an NT
domain ala M$ Proxy server I guess.

Being no genius on NT I wondered if anyone has any other product
suggestions, alternative ways of doing this etc.  Any actual
experiences with Microsoft's proxy would be good too - I think we all
know how dubious the security is, the management possibilities seem
useful though.

TIA

S


-- 

----- End Of Original Message -----


