Search squid archive

Re: Squid as Kerberos client?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Amos, this sounded promising. Unfortunately the behavior I observe is not what I expect.
So I added the following config:

cache_peer my.company.webserver.net parent 8081 0 no-query login=NEGOTIATE:myPrincipal

But now squid still does not do the SPNEGO negotiation. I can see in the logs that it connects to the specified "parent" cache_peer, which returns "401 Unauthorized" as expected. But then squid just returns that to the client instead of sending another request with the Kerberos ticket to complete the negotiation.
Am I misunderstanding what's supposed to happen? 
Or am I not configuring it right? (The keytab is readable by the squid user)

On Thu, Mar 15, 2018 at 9:44 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 15/03/18 11:01, Patrick Nick wrote:
> It consumes the data for its graphs from a REST API via HTTP, on ports
> in the 8000-9000 range.
>

Then you can use cache_peer from the proxy to the origin server. See the
"AUTHENTICATION OPTIONS" section for how to send various types of
credentials to that peer.
<http://www.squid-cache.org/Doc/config/cache_peer/>

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux