Hello Malte, First of all, thanks for your prompt reply. > at least on Linux it is possible to obtain a valid ticket with the > kinit command. If you want to integrate it further you should take a > look at the kerberos PAM-module (libpam-krb5 on debian). > > Firefox is then able to use kerberos to authenticate to Squid. I use > this kind of setup in a productive environment. Yep, that's what I thought. In any case, if the ticket has to be present for things to work (which is normal), what are the options for Windows users (not logged in on the domain)? In my case, the real use of the Squid proxy is for users outside of my network, for letting them access resources for which their access is limited to my local network (think of a library proxy). Since we can't have encryption between the browser and the Squid proxy, the most secure authentication mechanism has to be used... of course users could just use the VPN server, but that's an other story :-/ Thanks,
