Re: [squid-users] Squid 3.1.8 and Kerberos authentication

From: Francesco <frantz_at_itcserra.net>
Date: Fri, 22 Feb 2013 00:58:48 +0100 (CET)

Hello Amos,

happy to hear from you!

>> 1) in squid.conf, i have to specify windows user with the first capital
>> letter. Ex: user = User_at_DOMAIN.
>> If i specify user_at_DOMAIN i have no authentication to surf
>
> Case sensitivity has nothing to do with Squid. The user details are part
> of the encrypted data transferred directly between your client software
> and your authentication system. When users login the authentication
> system informs Squid what username just logged in - Squid uses that
> label exactly as received.

But, if i write, in squid.conf in proxy_auth acl, user instead of User,
Squid do not grant access, with authentication deny.
Is there a way to accept "user" and "User" at the same way?

>
> Yes. This is how authentication works in general. Client connects,
> server requests credentials, client repeats with credentials and gets
> whetever response is appropriate for that.

When working with 2008 and 2008 R2 domain controller, kerberos
authentication is better than ntlm, is it right?

Thank you!
Francesco
Received on Thu Feb 21 2013 - 23:58:13 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 22 2013 - 12:00:04 MST