[squid-users] Re: Proxy-Authentication-Info header

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Fri, 7 Jan 2011 11:17:36 -0000

I see.

Thank you
Markus

"Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message
news:4D26BBCD.1050801_at_treenet.co.nz...
> On 06/01/11 03:17, Markus Moeller wrote:
>> Hi,
>>
>> When should I expect to see a Proxy-Authentication-Info header ? I
>> noticed that when I use Kerberos authentication with squid_kerb_auth on
>> Version 3.0.STABLE25 that squid_kerb_auth returns AF
>> oRQwEqADCgEAoQsGCSqGSIb3EgECAg== markus_at_SUSE.HOME to squid, but
>> oRQwEqADCgEAoQsGCSqGSIb3EgECAg== is added to a 200 OK as
>> Proxy-Authentication-Info header and not to a Proxy-Authorization header
>> for further processing by the client.
>>
>>
>> GET http://192.168.1.127:9090/w16c332bd.60732998:00000008/t03/_00000001
>> HTTP/1.1
>> Accept: */*
>> Host: 192.168.1.127:9090
>> X-Xact: 16c332bd.60732998:00000002 16c332bd.60732998:0000000c 0
>> X-Loc-World: 16c332bd.60732998:00000008 -1/1 0
>> X-Rem-World: 16c332bd.60732998:00000008 -1/1 0
>> X-Target: 192.168.1.127:9090
>> X-Abort: 1798565613 512442519
>> X-Phase-Sync-Pos: 0
>> Proxy-Connection: close
>> Proxy-Authorization: Negotiate
>> YIICgwYGKwYBBQUCoIICdzCCAnOgHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggJOBIICSmCCAkYGCSqGSIb3EgECAgEAboICNTCCAjGgAwIBBaEDAgEOogcDBQAAAAAAo4IBXmGCAVowggFWoAMCAQWhCxsJU1VTRS5IT01FoicwJaADAgEDoR4wHBsESFRUUBsUb3BlbnN1c2UxMS5zdXNlLmhvbWWjggEXMIIBE6ADAgEXoQMCAQOiggEFBIIBAaC6OrRsodSdqr+Y15NtSpBpfanzwI865Yr/5pbFYO+U05YTpZkIKz1ioQaoEIiavnuk6mSy4pAPNyrhz5xmlkyBQ+/ZA3X87lTbik7+piyy4vRWUlkXSLFqLCQ+vDTA3Tn1DSgagvIitFaeS5ARkzlcbas3hyKyQJgRmD11NVAxlFTq/tNHk6TvLODP1Cb0fEGhl4+3uzOrA7zbTwrj0rcTQQ+oz+DXXd+NV+XYFKeubXFACZUfHDM/XDWyVBrcu2KfqgiUzlGd04jLF4BQZq4iptSoDpAPrlt7U/DgMk/5pIERfLFR/UVjT7CdLN7v5uN75/3axwLmqbbV+/Z1ccP8pIG5MIG2oAMCAReiga4EgasCdd9tBqcqYnW6xphxYurzncg3PxYJdxvnMU+XW11jXB8Krnj3+i296Ip4/AU9h8OZF2FDGThPrjT+zavB5r28NImnOX79Ds5650hN7TpIii/gcb3hBV0D6cLSJJcUCrgGoSrX70zGvIqNa/POioE3sIbIOdZ9m9Yu/U
> wf66rItmqtPv5lo7s1W8J34e7PS2n5kZzf1jvJ786UNspn4C2a1uH7eYR0jC94lyU=
>>
>>
>> HTTP/1.0 200 OK
>> Cache-Control: public
>> Date: Wed, 05 Jan 2011 14:15:43 GMT
>> Content-Length: 18219
>> X-Target: 192.168.1.127:9090
>> X-Xact: 16c332a4.3f2d298e:00000002 16c332bd.60732998:7ffffff3 0
>> X-Abort: 1412400744 2082554117
>> X-Phase-Sync-Pos: 0
>> Proxy-Authentication-Info: Negotiate oRQwEqADCgEAoQsGCSqGSIb3EgECAg==
>> X-Cache: MISS from opensuse11.suse.home
>> X-Cache-Lookup: MISS from opensuse11.suse.home:3128
>> Via: 1.0 opensuse11.suse.home (squid/3.0.STABLE25)
>> Proxy-Connection: close
>>
>> Is that correct or did I misconfigure something ?
>
> Proxy-Authorization is only on requests from the client.
>
> Squid will send Proxy-Authentication-Info on successfully authenticated
> digest or negotiate responses. Digest is done as per RFC 2617. I'm unable
> to find any proxy-auth* specs for Negotiate protocol, RFC 4559 only covers
> origin server auth and does not mention *-Info at all.
>
> The specs of Proxy-Authentication-Info indicate that it can be used on any
> successful auth response to provide the client with details about the
> auth, so it makes sense to send it when Negotiate is accepted.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.10
> Beta testers wanted for 3.2.0.4
>
Received on Fri Jan 07 2011 - 11:17:55 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 07 2011 - 12:00:02 MST