Integration with osx keychain

versat / cntlm

Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy intended to help you break free from the chains of Microsoft proprietary world. More info on http://cntlm.sourceforge.net/ website. This version also supports: SSPI (on Windows, NTLM authentication only), Kerberos authentication, IPv6, proxy PAC files.

GNU General Public License v2.0

127 stars 40 forks source link

Integration with osx keychain #116

Closed droctothorpe closed 4 months ago

droctothorpe commented 4 months ago

Hello. First of all, thank you for maintaining this wonderful project. cntlm is awesome.

It was recently blocked at my workplace because it stores (admittedly hashed) sensitive credentials in a text file. Would it be possible to integrate cntlm with osx keychain? How much of a lift do you think it would be?

Thanks!

fralken commented 4 months ago

Hello @droctothorpe have you checked whether you can use kerberos instead? With kerberos, cntlm gets credentials from the kerberos cache and it does not need them in the cntlm.conf file. You can start cntlm either with the command line param -a gss or by adding in the cntlm.conf the line Auth GSS.

droctothorpe commented 4 months ago

I will look into whether or not that's possible for our use case. Thanks for the suggestion! Will close this issue for now until I confirm whether or not kerberos is an option for us. Much appreciated.