Thanks Amos, this sounded promising. Unfortunately the behavior I observe is not what I expect.
So I added the following config:
cache_peer my.company.webserver.net parent 8081 0 no-query login=NEGOTIATE:myPrincipal
But now squid still does not do the SPNEGO negotiation. I can see in the logs that it connects to the specified "parent" cache_peer, which returns "401 Unauthorized" as expected. But then squid just returns that to the client instead of sending another request with the Kerberos ticket to complete the negotiation.
Am I misunderstanding what's supposed to happen?
Or am I not configuring it right? (The keytab is readable by the squid user)
On Thu, Mar 15, 2018 at 9:44 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 15/03/18 11:01, Patrick Nick wrote:
> It consumes the data for its graphs from a REST API via HTTP, on ports
> in the 8000-9000 range.
>
Then you can use cache_peer from the proxy to the origin server. See the
"AUTHENTICATION OPTIONS" section for how to send various types of
credentials to that peer.
<http://www.squid-cache.org/Doc/config/cache_peer/ >
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
