Cntlm Publisher's description
from David Kubicek
Cntlm is an authenticating HTTP proxy intended to help you break free from the chains of the proprietary world...
Cntlm is an authenticating HTTP proxy intended to help you break free from the chains of the proprietary world we all are held prisoners in. You can run and use a free operating system on your computer and honor our noble idea, but you can't hide! Once you're behind the cold steel bars of the corporate proxy server requiring NTLM authentication, your lost.
Here comes Cntlm. It takes the address of your proxy (or proxies) and opens a listening socket, forwarding each request to the proxy (moving in a circular list if the active proxy stops working). Along the way, the forwarded connection is created anew and authenticated or, if available, previously cached connection is reused to achieve higher efficiency and faster responses. When the chain is set up, Cntlm is to be used as the primary proxy. Cntlm also itegrates transparent TCP/IP port forwarding (tunneling) through the parent proxy. Each tunnel opens a new listening socket on the specified local port and forwards all connections to the given host:port behind the parent proxy.
Apparently, the authentication part is similar to NTLMAPS and others, but Cntlm removes many of their shortcomings and inefficiencies. It supports real keep-alive (on both sides) and it caches all authenticated connections for reuse in subsequent requests. It can be restarted without TIME_WAIT delay, uses just a fraction of memory compared to others and by orders of magnitude less CPU. Each thread is completely independent and one cannot block another.
In addition to lower usage of system resources, Cntlm achieves higher throughput.
By caching once opened connections, it acts as an accelerator; instead of 5-way auth handshake for each connection, it transparently removes this requirement, providing direct access most of the time. For example, NTLMAPS doesn't do authentication at once with the initial request - instead, it first connects, sends a probe and disconnects. No sooner than that it connects again and then initiates NTLM handshake
What's New in This Release:A built-in SOCKS 5 proxy service, official inclusion in Debian, FreeBSD support, an Ubuntu /bin/sh (Dash) compatible init script, a fix for HTTPS/tunneling instability, support for NTLM-free (open) proxies, and major code refactoring.
System Requirements:No special requirements.
Program Release Status: Minor Update
Program Install Support: Install and Uninstall