2016-07-15 6:31 GMT-03:00 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 15/07/2016 4:07 a.m., Sergio Belkin wrote:
> Hi,
>
> Using squid squid-3.5.19-1.el7.centos.x86_64,
>
> I obtain a kerberos ticket but I get the following when trying to use the
> proxy:
>
> 2016/07/14 12:57:03.711 kid1| 29,4| UserRequest.cc(290) authenticate: No
> Proxy-Auth header and no working alternative. Requesting auth header.
> 2016/07/14 12:57:03.712 kid1| 29,9| UserRequest.cc(487) addReplyAuthHeader:
> headertype:46 authuser:NULL
> 2016/07/14 12:57:03.712 kid1| 29,9| Config.cc(188) fixHeader: Sending
> type:46 header: 'Negotiate'
> 2016/07/14 12:57:04.159 kid1| 29,4| UserRequest.cc(290) authenticate: No
> Proxy-Auth header and no working alternative. Requesting auth header.
> 2016/07/14 12:57:04.159 kid1| 29,9| UserRequest.cc(487) addReplyAuthHeader:
> headertype:46 authuser:NULL
> 2016/07/14 12:57:04.159 kid1| 29,9| Config.cc(188) fixHeader: Sending
> type:46 header: 'Negotiate'
>
That looks like a debug log of Negotiate/Kerberos authentication
beginning on two connections.
A good secure client does not send credentials until it needs to. Squdi
has received a request that it needs to authenticate, but does not yet
have credentiasl. So it responds with a 407 or 401 message requesting
the client send them using "Negotiate" auth protocol.
No problem visible.
<snip>
> Please could you help me? Am I doing something wrong?
Perhapse if you described what your problem was ?
Amos, thanks, for your clarification, I get as follows:
"Sorry, you are not currently allowed to request http://www.lxer.com/ from this cache until you have authenticated yourself"
( trying to use from a Linux client:)
"Sorry, you are not currently allowed to request http://www.lxer.com/ from this cache until you have authenticated yourself"
( trying to use from a Linux client:)
(And in fact I've RTFM :-) )
tail /var/log/squid/access.log
192.168.50.37 - - [15/Jul/2016:12:01:05 -0300] "GET http://www.lxer.com/ HTTP/1.1" 407 4064 "-" "curl/7.43.0" TCP_DENIED:HIER_NONE
192.168.50.37 - - [15/Jul/2016:12:01:05 -0300] "GET http://www.lxer.com/ HTTP/1.1" 407 4064 "-" "curl/7.43.0" TCP_DENIED:HIER_NONE
I have a kerberos ticket:
klist
Ticket cache: KEYRING:persistent:16777216:16777216
Default principal: john.doe@EXAMPLE.LOCAL
Valid starting Expires Service principal
15/07/16 12:00:31 15/07/16 22:00:31 krbtgt/EXAMPLE.LOCAL@EXAMPLE.LOCAL
renew until 22/07/16 12:00:31
klist
Ticket cache: KEYRING:persistent:16777216:16777216
Default principal: john.doe@EXAMPLE.LOCAL
Valid starting Expires Service principal
15/07/16 12:00:31 15/07/16 22:00:31 krbtgt/EXAMPLE.LOCAL@EXAMPLE.LOCAL
renew until 22/07/16 12:00:31
End of output
I don't know what I'm doing wrong.
Thanks in advance!
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
