To answer some of my own questions...
On Sun, 2006-12-10 at 13:40 -0500, Brian J. Murrell wrote:
> Now that Negotiate support is in 2.6 can one use Kerberos credentials
> with a Negotiate-supported browser (i.e. Firefox 2.0) to authenticate to
> a squid proxy?
I think so. I have witnessed on-the-wire "Negotiate" proxy
authentication. I configured squid for negotiate and just pointed it to
ntlm_auth just to keep squid happy enough to do the web browser
interaction properly. I also added the HTTP/<server> principal to my
kerberos database but of course this method fails to actually perform
any proxying because I don't have a Windows authentication server to
point ntlm_auth at.
So, I guess the question, more precisely becomes, is there a "kerberos
only" authentication helper available for squid to take the spnego bits
from the client and perform a kerberos-only authentication operation?
b.
-- My other computer is your Microsoft Windows server. Brian J. Murrell
This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST