On 06/01/11 03:17, Markus Moeller wrote:
Hi,
When should I expect to see a Proxy-Authentication-Info header ? I
noticed that when I use Kerberos authentication with squid_kerb_auth on
Version 3.0.STABLE25 that squid_kerb_auth returns AF
oRQwEqADCgEAoQsGCSqGSIb3EgECAg== markus@xxxxxxxxx to squid, but
oRQwEqADCgEAoQsGCSqGSIb3EgECAg== is added to a 200 OK as
Proxy-Authentication-Info header and not to a Proxy-Authorization header
for further processing by the client.
GET http://192.168.1.127:9090/w16c332bd.60732998:00000008/t03/_00000001
HTTP/1.1
Accept: */*
Host: 192.168.1.127:9090
X-Xact: 16c332bd.60732998:00000002 16c332bd.60732998:0000000c 0
X-Loc-World: 16c332bd.60732998:00000008 -1/1 0
X-Rem-World: 16c332bd.60732998:00000008 -1/1 0
X-Target: 192.168.1.127:9090
X-Abort: 1798565613 512442519
X-Phase-Sync-Pos: 0
Proxy-Connection: close
Proxy-Authorization: Negotiate
YIICgwYGKwYBBQUCoIICdzCCAnOgHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggJOBIICSmCCAkYGCSqGSIb3EgECAgEAboICNTCCAjGgAwIBBaEDAgEOogcDBQAAAAAAo4IBXmGCAVowggFWoAMCAQWhCxsJU1VTRS5IT01FoicwJaADAgEDoR4wHBsESFRUUBsUb3BlbnN1c2UxMS5zdXNlLmhvbWWjggEXMIIBE6ADAgEXoQMCAQOiggEFBIIBAaC6OrRsodSdqr+Y15NtSpBpfanzwI865Yr/5pbFYO+U05YTpZkIKz1ioQaoEIiavnuk6mSy4pAPNyrhz5xmlkyBQ+/ZA3X87lTbik7+piyy4vRWUlkXSLFqLCQ+vDTA3Tn1DSgagvIitFaeS5ARkzlcbas3hyKyQJgRmD11NVAxlFTq/tNHk6TvLODP1Cb0fEGhl4+3uzOrA7zbTwrj0rcTQQ+oz+DXXd+NV+XYFKeubXFACZUfHDM/XDWyVBrcu2KfqgiUzlGd04jLF4BQZq4iptSoDpAPrlt7U/DgMk/5pIERfLFR/UVjT7CdLN7v5uN75/3axwLmqbbV+/Z1ccP8pIG5MIG2oAMCAReiga4EgasCdd9tBqcqYnW6xphxYurzncg3PxYJdxvnMU+XW11jXB8Krnj3+i296Ip4/AU9h8OZF2FDGThPrjT+zavB5r28NImnOX79Ds5650hN7TpIii/gcb3hBV0D6cLSJJcUCrgGoSrX70zGvIqNa/POioE3sIbIOdZ9m9Yu/Uwf66rItmqtPv5lo7s1W8J34e7PS2n5kZzf1jvJ786UNspn4C2a1uH7eYR0jC94lyU=
HTTP/1.0 200 OK
Cache-Control: public
Date: Wed, 05 Jan 2011 14:15:43 GMT
Content-Length: 18219
X-Target: 192.168.1.127:9090
X-Xact: 16c332a4.3f2d298e:00000002 16c332bd.60732998:7ffffff3 0
X-Abort: 1412400744 2082554117
X-Phase-Sync-Pos: 0
Proxy-Authentication-Info: Negotiate oRQwEqADCgEAoQsGCSqGSIb3EgECAg==
X-Cache: MISS from opensuse11.suse.home
X-Cache-Lookup: MISS from opensuse11.suse.home:3128
Via: 1.0 opensuse11.suse.home (squid/3.0.STABLE25)
Proxy-Connection: close
Is that correct or did I misconfigure something ?
Proxy-Authorization is only on requests from the client.
Squid will send Proxy-Authentication-Info on successfully authenticated
digest or negotiate responses. Digest is done as per RFC 2617. I'm
unable to find any proxy-auth* specs for Negotiate protocol, RFC 4559
only covers origin server auth and does not mention *-Info at all.
The specs of Proxy-Authentication-Info indicate that it can be used on
any successful auth response to provide the client with details about
the auth, so it makes sense to send it when Negotiate is accepted.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.10
Beta testers wanted for 3.2.0.4