Search squid archive

Re: Proxy-Authentication-Info header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/01/11 03:17, Markus Moeller wrote:
Hi,

When should I expect to see a Proxy-Authentication-Info header ? I
noticed that when I use Kerberos authentication with squid_kerb_auth on
Version 3.0.STABLE25 that squid_kerb_auth returns AF
oRQwEqADCgEAoQsGCSqGSIb3EgECAg== markus@xxxxxxxxx to squid, but
oRQwEqADCgEAoQsGCSqGSIb3EgECAg== is added to a 200 OK as
Proxy-Authentication-Info header and not to a Proxy-Authorization header
for further processing by the client.


GET http://192.168.1.127:9090/w16c332bd.60732998:00000008/t03/_00000001
HTTP/1.1
Accept: */*
Host: 192.168.1.127:9090
X-Xact: 16c332bd.60732998:00000002 16c332bd.60732998:0000000c 0
X-Loc-World: 16c332bd.60732998:00000008 -1/1 0
X-Rem-World: 16c332bd.60732998:00000008 -1/1 0
X-Target: 192.168.1.127:9090
X-Abort: 1798565613 512442519
X-Phase-Sync-Pos: 0
Proxy-Connection: close
Proxy-Authorization: Negotiate
YIICgwYGKwYBBQUCoIICdzCCAnOgHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggJOBIICSmCCAkYGCSqGSIb3EgECAgEAboICNTCCAjGgAwIBBaEDAgEOogcDBQAAAAAAo4IBXmGCAVowggFWoAMCAQWhCxsJU1VTRS5IT01FoicwJaADAgEDoR4wHBsESFRUUBsUb3BlbnN1c2UxMS5zdXNlLmhvbWWjggEXMIIBE6ADAgEXoQMCAQOiggEFBIIBAaC6OrRsodSdqr+Y15NtSpBpfanzwI865Yr/5pbFYO+U05YTpZkIKz1ioQaoEIiavnuk6mSy4pAPNyrhz5xmlkyBQ+/ZA3X87lTbik7+piyy4vRWUlkXSLFqLCQ+vDTA3Tn1DSgagvIitFaeS5ARkzlcbas3hyKyQJgRmD11NVAxlFTq/tNHk6TvLODP1Cb0fEGhl4+3uzOrA7zbTwrj0rcTQQ+oz+DXXd+NV+XYFKeubXFACZUfHDM/XDWyVBrcu2KfqgiUzlGd04jLF4BQZq4iptSoDpAPrlt7U/DgMk/5pIERfLFR/UVjT7CdLN7v5uN75/3axwLmqbbV+/Z1ccP8pIG5MIG2oAMCAReiga4EgasCdd9tBqcqYnW6xphxYurzncg3PxYJdxvnMU+XW11jXB8Krnj3+i296Ip4/AU9h8OZF2FDGThPrjT+zavB5r28NImnOX79Ds5650hN7TpIii/gcb3hBV0D6cLSJJcUCrgGoSrX70zGvIqNa/POioE3sIbIOdZ9m9Yu/Uwf66rItmqtPv5lo7s1W8J34e7PS2n5kZzf1jvJ786UNspn4C2a1uH7eYR0jC94lyU=


HTTP/1.0 200 OK
Cache-Control: public
Date: Wed, 05 Jan 2011 14:15:43 GMT
Content-Length: 18219
X-Target: 192.168.1.127:9090
X-Xact: 16c332a4.3f2d298e:00000002 16c332bd.60732998:7ffffff3 0
X-Abort: 1412400744 2082554117
X-Phase-Sync-Pos: 0
Proxy-Authentication-Info: Negotiate oRQwEqADCgEAoQsGCSqGSIb3EgECAg==
X-Cache: MISS from opensuse11.suse.home
X-Cache-Lookup: MISS from opensuse11.suse.home:3128
Via: 1.0 opensuse11.suse.home (squid/3.0.STABLE25)
Proxy-Connection: close

Is that correct or did I misconfigure something ?

Proxy-Authorization is only on requests from the client.

Squid will send Proxy-Authentication-Info on successfully authenticated digest or negotiate responses. Digest is done as per RFC 2617. I'm unable to find any proxy-auth* specs for Negotiate protocol, RFC 4559 only covers origin server auth and does not mention *-Info at all.

The specs of Proxy-Authentication-Info indicate that it can be used on any successful auth response to provide the client with details about the auth, so it makes sense to send it when Negotiate is accepted.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.10
  Beta testers wanted for 3.2.0.4


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux