Re: Squid authentication to upstream ISA server with Negotiate/Kerberos

From: Markus Moeller <huaraz@dont-contact.us>
Date: Sun, 8 Jul 2007 10:37:05 +0100

I did some further investigation and it seems the ISA server reacts
differently for CONNECT and GET. I tried both Basic and Negotiate with the
existing squid way of doing it (not waiting for a 407, but immediately sending a
Proxy Authorization) and in both cases it works fine for HTTP GET and fails
for HTTP CONNECT. Has anybody experienced something similar?

Is anybody working on squid to handle the processing of a 407 from an
upstream proxy?

Markus

"Markus Moeller" <huaraz@moeller.plus.com> wrote in message
news:f6eomc$f8f$1@sea.gmane.org...
> Find attached a patch which adds a call to my functions to http.c and a
> tar file with my routines. To make it work do the following:
>
> 1) Patch 2.6.STABLE13 with my patch file and extract my source to squid's
> src directory.
> 2) Run configure with CFLAGS="-I/usr/kerberos/include"
> LDFLAGS="-L/usr/kerberos/lib -Wl,-R/usr/kerberos/lib"
> LIBS="-lgssapi_krb5 -lkrb5" ./configure (this assumes MIT Kerberos)
> 3) Configure Kerberos with AD as kdc
> 4) Create a keytab with an AD user (This will be the user for
> authenticating squid to the ISA server) as follows
> #ktutil
> ktutil: addent -password -p markus@WINDOWS2003.HOME -k 1 -e rc4-hmac
> Password for markus@WINDOWS2003.HOME:
> ktutil: wkt mm.keytab
> ktutil: quit
> 5) Set the keytab environment variable in the squid startup file with:
> export KRB5_KTNAME=FILE:/etc/squid/mm.keytab
> 6) Add a line to squid.conf like
> cache_peer isa.windows2003.home parent 8080 0 proxy-only no-query login=NEGOTIATE
>
> Markus
>
> If the attachments don't get through you can find them at
> http://squidkerbauth.cvs.sourceforge.net/squidkerbauth/ under
> squid_kerb_proxy_auth
>
> "Henrik Nordstrom" <henrik@henriknordstrom.net> wrote in message
> news:1183503059.9447.13.camel@henriknordstrom.net...

Received on Sun Jul 08 2007 - 03:38:42 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:06 MDT