I made Single Sign On environment with AD+Squid and it worked fine. [It works] Client(Windows) -> Squid(CentOS) -> Internet * Client is joined the domain and Squid configured Kerberos Authentication with AD. But after add another squid, it didn't work. [Not works] Client -> Squid(No Auth.) -> Squid(Kerberos Auth) ->Internet I added two line below in squid.conf of 1st Squid(No Auth.) to relay authentication information. --- cache_peer [host_of_second_squid] parent [port_no] 0 no-query login=PASSTHRU never_direct allow all --- I confirmed access.log of 1st Squid. It seemed squid got 407 and challenged with credentials but failed. --- "time=2021/10/12 15:46:23","un=-","credentials=-","host=[ip_of_first_squid]", "src_ip=[ip_of_client_pc]","src_port=49776","dest_ip=-","dest_port=-", "url=www.yahoo.co.jp:443","status=407","http_method=CONNECT"... "time=2021/10/12 15:46:24","un=[user@domain]","credentials=KK (null)\n", "host=[ip_of_first_squid]","src_ip=[ip_of_client_pc]","src_port=49776", "dest_ip=[ip_of_second_squid]","dest_port=3128","url=www.yahoo.co.jp:443", "status=407","http_method=CONNECT".... --- I also tested with login=PASS and connection-auth=on but got same result. I don't understand why authentication fails with relayed authentication information by "login=PASSTHRU" Do I misundastand something or squid originally don't support multiple proxy those relay Kerberos authentication information? For this question I referenced this mail of mailing list. https://www.spinics.net/lists/squid/msg85519.html I submitted a question with images to stackoverflow. https://stackoverflow.com/questions/69536317/is-it-possible-to-pass-kerberos-credentials-between-multiple-squids I would appreciate it if you could point out any points you noticed. Regards, _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
