Re: Squid authentication to upstream ISA server with Negotiate/Kerberos

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Sun, 01 Jul 2007 13:21:03 +0200

On Sat, 2007-06-30 at 23:53 +0100, Markus Moeller wrote:
> I'd like to implement a way that squid authenticates to an upstream ISA
> proxy server. The ISA server will request a Proxy-Authenticate: Negotiate
> and I have a routine which can create the Kerberos token for the
> Proxy-Authorize: Negotiate response, but I am not sure where I need to add
> the code to squid. Also I was thinking to add a login=NEGOTIATE option to
> cache_peer. Can anybody point me to the right section ?

Squid currently can not act very well on the 407, but you can have it
add the token immediately on the first request without waiting for the
Netgotiate "challenge", at least as long as the token can be sent
immediately with no negotiation taking place.

This will require some modifications in http.cc to add the header, and a
new helper to be defined to query for the token..

Regards
Henrik

Received on Sun Jul 01 2007 - 05:21:09 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:06 MDT