I created a small helper program squid_kerb_proxy_auth which can be found at http://squidkerbauth.cvs.sourceforge.net/squidkerbauth/ It creates a base 64 encoded GSSAPI token (I think the ISA server accepts GSSAPI and SPNEGO token, if not I can convert if reuired). ./squid_kerb_proxy_auth -k mm.keytab -p markus@xxxxxxxxx -P opensuse.suse.home 2007/06/30 16:37:38| squid_kerb_proxy_auth: Token: YIICCQYJKoZIhvcSAQICAQBuggH4MIIB9KADAgEFoQMCAQ6iBwMFACAAAACjggEhYYIBHTCCARmgAwIBBaELGwlTVVNFLkhPTUWiJTAjoAMCAQGhHDAaGwRIVFRQGxJvcGVuc3VzZS5zdXNlLmhvbWWjgd0wgdqgAwIBF6EDAgEEooHNBIHKES4hqFdcNyLv0TjCts2L3bm1uQloST5Mhi2BJEhRw4AKVoDKwE8Y6XPssG5VVXjQyqcBjfKJ1hcsCFQ/b60BJ2l4e1L93Pzv4mLn/QnmpOYI4Z8YyBUd2t013HS6JEGgNBaQyEnlU8tZwxFOicPPooH/k3l0RcdmORqqWvE1G8K4AjjyPPzhZseFjeCUjXZhYnZ2szSVgeDahG0NSLaSPuQoHB7uhPV6bV8FwtkOSpI0RqiUJaEIlj7jzgRPXKfJnZyCCCqpOoB7eaSBuTCBtqADAgEXooGuBIGrH7kJYA/g59AYiPyw/ZtMOQ9YqXehJhNABV3zXWBwGboDrSJbive5I37CWleucMJBskteYhV5ikIitRW5L1aZJ+GSD0M/lRtwhbjeSigXqlNpxcZTRCVbyn0rtxNJTaCtWRKNgqNBdPJWw9IR5rNmiOL6fUNFf/RzbwBlm3ka8uaYHaREfJ6xnrjkXHXZuAEiOR4B39MDKaZGD/MX3FmhtdtuhP3QDqXO1KXx If somebody can point me to the right point in the squid code I can create a patch so that the token get send on a Proxy authentication: Negotiate request. Regards Markus "Wisskirchen, Dominik /Z22" <Dominik.Wisskirchen@xxxxxxxxxxxx> wrote in message news:B23E3DD4D422AC469FB6DAD5E28D3FB401636504@xxxxxxxxxxxxxxxxxxxxxxxxxx Hello all, Can I use a ISA Server 2006 as a cache_peer for Squid 2.6 using a Kerberos or NTLMv2 authentication? NTLM(v1) has been disabled due to security reasons. I want the Squid proxy to use the ISA Server as an upstream server, but the ISA Server only allows NTLMv2 or Kerberos authentication. To clarify: I do NOT want clients of the Squid proxy to be authenticated, only the Squid proxy itself shall authenticate to the ISA Server. (Kerberos/NTLMv2) (no authentication) ISA 2006 -----------------Squid 2.6--------------------Clients (without Kerberos/NTLMv2 support) Thanks for any answers in advance Dominik
