Anybody ever used this local sock/proxy on their workstion to support applications not working with Auth proxy? On of our user sent me the info. It's available at http://cntlm.sourceforge.net
Any comment? Problem? Risk?
Here a small description:
Cntlm (user-friendly wiki /technical manual) is an NTLM / NTLM SessionResponse / NTLMv2 authenticating HTTP proxy intended to help you . Once you're behind those cold steel bars ofa corporate proxy server requiring NTLM authentication, you're done with. Thesame even applies to 3rd party Windows applications, which don't support NTLMnatively.
Here comes Cntlm. It stands between your applications and the corporate proxy,adding NTLM authentication on-the-fly. You can specify several "parent" proxiesand Cntlm will try one after another until one works. All auth'd connectionsare cached and reused to achieve high efficiency. Just point your apps proxysettings at Cntlm, fill in cntlm.conf (cntlm.ini) and you're ready to do. Thisis useful on Windows, but essential for non-Microsoft OS's.
Cntlm integrates TCP/IP port forwarding (HTTP tunneling), SOCKS5 proxy mode,standalone proxy allowing you to browse intranet as well as Internet and toaccess corporate web servers with NTLM protection. There are many advancedfeatures like NTLMv2 support, password protection, password hashing, completelymutliplatform code (running on just about every architecture and OS out there)and so much more. Cntlm eats up so little resources it can be used on embeddedplatforms as well - it's written in plain C without any external dependencies.
Cntlm has been tested against various ISA servers, WinGate, NetCache, Squid andTinyproxy with and without NTLM auth.
Better look at GitHub - Evengard/cntlm: Cntlm is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy... instead of sourceforge. It has the latest sources (2016).
Question is if McAfee Web Gateway supports Windows SSPI for NTLM, that is one of the latest additions to cntlm.
If you're looking for an application that can take care of authentication, MCP would be an option as well.
MCP doesnt do NTLM, but it does take the currently logged on user and relays the credentials to the MWG.