Search squid archive

Re: Kerberos TCP/DENIED 407

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/03/2012 1:07 a.m., JC Putter wrote:
Amos,

Thank you for the reply.

Sorry I meant 3.0 STABLE 19.
Please at minimum upgrade to 3.0.STABLE26 then, if possible 3.1.19. There are a handful of major security vulnerabilities in between.


   The Zimbra Desktop client connects via port 443 and I have the standard ACL;

http_access deny !Safe_ports
http_access deny !SSL_ports

however when I change the ACL to (very insecure)

http_access allow CONNECT (without the exception of !SSL_ports) the zimbra client connects...

no too sure if my ACL is incorrect or if a need to add additional ports in the ACL however according to Zimbra 443 is the only one required.

The ACL you list above is not the defaults. The correct default is:

  http_access deny CONNECT !SSL_ports

SSL_Ports should only contain the HTTPS ports you permit requests to.


I ran wireshark trace I can confirm that the proxy offers all configured authentication schemes and the client responds with a Kerberos ticket.

Okay. It would seem to be some other part of the configuration. If you want a proper analysis please post your whole config (without the comments and empty lines though).

Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux