Re: [squid-users] generic kerberos support in 2.6?

From: Brian J. Murrell <brian@dont-contact.us>
Date: Sun, 10 Dec 2006 15:21:20 -0500

To answer some of my own questions...

On Sun, 2006-12-10 at 13:40 -0500, Brian J. Murrell wrote:
> Now that Negotiate support is in 2.6 can one use Kerberos credentials
> with a Negotiate-supported browser (i.e. Firefox 2.0) to authenticate to
> a squid proxy?

I think so. I have witnessed on-the-wire "Negotiate" proxy
authentication. I configured squid for negotiate and just pointed it to
ntlm_auth just to keep squid happy enough to do the web browser
interaction properly. I also added the HTTP/<server> principal to my
kerberos database but of course this method fails to actually perform
any proxying because I don't have a Windows authentication server to
point ntlm_auth at.

So, I guess the question, more precisely becomes, is there a "kerberos
only" authentication helper available for squid to take the spnego bits
from the client and perform a kerberos-only authentication operation?

b.

-- 
My other computer is your Microsoft Windows server.
Brian J. Murrell

Received on Sun Dec 10 2006 - 13:21:24 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST