On 14/10/21 8:48 am, Markus Moeller wrote:
> The problem lies more in the way Kerberos proxy authentication
> works. The client uses the proxy name to create a ticket and in this
> case it would be the name of the first proxy, e.g. proxy1.internal. The
> first proxy will pass it through to the authenticating proxy,
> proxy2.internal, for authentication. Now the client receiving a 407 thinks
> that proxy1 asked for authentication (not knowing it is only a
> passthrough) and will ask for a ticket for proxy1, which it can't get as
> proxy1 is not in AD. Even if proxy1 were in AD, the client would
> send a proxy1 ticket to proxy2, which will be rejected.
> Markus

Aha. That makes sense.
Can we get the Kerberos auth wiki page updated with that info? This is
something that has come up a few times.
Cheers
Amos
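
An added example, not part of the original thread: a toy Python model of the failure Markus describes, with an HMAC standing in for the ticket's encryption under the service key. The KDC contents, key values and function names are assumptions for illustration; only the host names come from the thread.

```python
import hashlib
import hmac

# Constructed sample data: service principals registered in the KDC (AD) and their keys.
KDC = {"HTTP/proxy2.internal": b"proxy2-key"}


def request_ticket(kdc, proxy_host):
    """Client side: the SPN is built from the proxy the client is configured to use."""
    spn = "HTTP/" + proxy_host
    key = kdc.get(spn)
    if key is None:
        return None  # KDC has no such principal, so no ticket is issued
    tag = hmac.new(key, spn.encode(), hashlib.sha256).hexdigest()
    return {"spn": spn, "tag": tag}


def accept_ticket(service_spn, service_key, ticket):
    """Authenticating proxy: accepts only tickets sealed with its own key for its own SPN."""
    if ticket is None or ticket["spn"] != service_spn:
        return False
    expected = hmac.new(service_key, service_spn.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, ticket["tag"])


def authenticate_via_chain(kdc, client_proxy, auth_proxy, auth_key):
    """Client talks to client_proxy, which passes the 407 through from auth_proxy."""
    ticket = request_ticket(kdc, client_proxy)
    if ticket is None:
        return "no ticket: HTTP/%s not in KDC" % client_proxy
    if accept_ticket("HTTP/" + auth_proxy, auth_key, ticket):
        return "authenticated"
    return "rejected: ticket is for %s" % ticket["spn"]


if __name__ == "__main__":
    key2 = KDC["HTTP/proxy2.internal"]
    # Case 1: proxy1 is not in AD, so the client cannot get a ticket at all.
    print(authenticate_via_chain(KDC, "proxy1.internal", "proxy2.internal", key2))
    # Case 2: proxy1 is in AD, but proxy2 cannot validate a proxy1 ticket.
    kdc_with_proxy1 = dict(KDC, **{"HTTP/proxy1.internal": b"proxy1-key"})
    print(authenticate_via_chain(kdc_with_proxy1, "proxy1.internal", "proxy2.internal", key2))
    # Control: the client is configured with the authenticating proxy itself.
    print(authenticate_via_chain(KDC, "proxy2.internal", "proxy2.internal", key2))
```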