To answer some of my own questions... On Sun, 2006-12-10 at 13:40 -0500, Brian J. Murrell wrote: > Now that Negotiate support is in 2.6 can one use Kerberos credentials > with a Negotiate-supported browser (i.e. Firefox 2.0) to authenticate to > a squid proxy? I think so. I have witnessed on-the-wire "Negotiate" proxy authentication. I configured squid for negotiate and just pointed it to ntlm_auth just to keep squid happy enough to do the web browser interaction properly. I also added the HTTP/<server> principal to my kerberos database but of course this method fails to actually perform any proxying because I don't have a Windows authentication server to point ntlm_auth at. So, I guess the question, more precisely becomes, is there a "kerberos only" authentication helper available for squid to take the spnego bits from the client and perform a kerberos-only authentication operation? b. -- My other computer is your Microsoft Windows server. Brian J. Murrell
Attachment:
signature.asc
Description: This is a digitally signed message part
