Hi Henrik,
After a long fight with SSP Windows function calls, finally I have a
working SPNEGO authenticator on Windows, and Kerberos authentication is used.
This is the test environment:
Client:
Windows 2000 Professional running Mozilla 1.5 beta 2
Server:
Windows 2000 Professional running Squid 2.5 with negotiate patch and
a native negotiate helper
Both machines are member of a Windows 2003 domain.
But I discovered something strange:
Using Kerberos, only the blob provided from the client (should be the
Service Token) is needed, so the communication between Squid and the
helper must be only YR ==> AF.
I have found the same behaviour using Microsoft ISA Server 2004.
As a check, I can find in the Security log of the proxy server the
Kerberos logon events associated to the Squid usage.
Really I don't know if this happens only while running natively on Windows.
I will try to do some test using Samba 4 ntlm_auth.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Sun Oct 16 2005 - 06:30:11 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:07 MST