On 9/03/2016 2:08 a.m., Johnatan wrote: > Hello there, > > I have 2 proxy. > On the first, I perform a Kerberos authentication from my users. > On the parent proxy I want to retrieve the login (username) information. > I don't want to perform a real authentication on the parent proxy so I have > already tested the documentation with the dummy authentication but it > doesn't seem to work for kerberos authentication. > Is there a way for the parent proxy to get the username from my child proxy? > Lets be clear: Negotiate/Kerberos authenticates the *TCP connection*. The single one between the client and your first proxy. The authentication is *invalid* on any other connection the message travels over. This is the main way that Negotiate still violates HTTP messaging requirements. Now thats out of the way. The username can be passed on to the second proxy using simpler Basic auth: cache_peer ... login=*:foo Where "foo" is a fake password. The receiving proxy will still need to perform authentication (with basic_fake_auth helper) to get access to the username info. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
