Thanks for the reply.
I have two acls:
acl FAKE-AUTH proxy_auth required
acl CHILD-PROXY src 192.168.0.1
It's working now but I need to tell my parent proxy to accept the two directive:
http_access allow FAKE-AUTH
http_access allow CHILD-PROXY
With onle the :
http_access allow FAKE-AUTH
or the directive
http_access allow FAKE-AUTH CHILD-PROXY
It won't work.
Do you know why ?
2016-03-09 12:41 GMT+01:00 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 9/03/2016 2:08 a.m., Johnatan wrote:
> Hello there,
>
> I have 2 proxy.
> On the first, I perform a Kerberos authentication from my users.
> On the parent proxy I want to retrieve the login (username) information.
> I don't want to perform a real authentication on the parent proxy so I have
> already tested the documentation with the dummy authentication but it
> doesn't seem to work for kerberos authentication.
> Is there a way for the parent proxy to get the username from my child proxy?
>
Lets be clear: Negotiate/Kerberos authenticates the *TCP connection*.
The single one between the client and your first proxy. The
authentication is *invalid* on any other connection the message travels
over.
This is the main way that Negotiate still violates HTTP messaging
requirements.
Now thats out of the way. The username can be passed on to the second
proxy using simpler Basic auth:
cache_peer ... login=*:foo
Where "foo" is a fake password. The receiving proxy will still need to
perform authentication (with basic_fake_auth helper) to get access to
the username info.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
