I have a network of Linux machines that all use Kerberos to authenticate and then use those Kerberos tickets for other network services including squid 3[.2]. This all works swimmingly. Now enter the first Windows machine onto the network. It's Windows 8 FWIW. I don't really care for this machine to have SSO, or join domains, etc. so there is no AD and not even any Samba, because for what this machine wants to do (surf the Internet through Squid 3), Samba and domains, etc. is overkill. So I assume then when authenticating from say a browser on this Windows machine to Squid, Negotiate is of no use. Is that right? Would I need at least Samba and domain joining to be able to use Negotiate with Windows [browsers]? If so, let's pass on that. Next up, Basic authentication. That works. If I remove the "auth_param negotiate" configuration from my Squid installation and just leave it with the "auth_param basic" configuration, the Windows machine is able to authenticate and use the proxy. So, if it's true that I need additional overhead like Samba to use Negotiate with Windows, and so must use Basic auth for Windows, how do I prevent squid from offering Negotiate as an authentication method to Windows clients without removing the "auth_param negotiate" configuration altogether? Cheers, b.
Attachment:
signature.asc
Description: This is a digitally signed message part
