Hi again,
> I have been looking for the same setup as you are (transparent
> authentication proxy in a full linux environment, ie linux/firefox +
> linux/heimdal kerberos + linux/squid) for some time already, and I
> asked the same question a few month ago with the same answer (need of
> a helper). So I have read this thread with much interest, and think I
> may add a few bits of information here.
>
> You have mentionned in a previous post that your firefox was doing
> native KRB5 nego instead of SPNEGO/KRB5. It may go back to the
> original implementation that can be found at
> http://meta.cesnet.cz/cms/opencms/en/docs/software/devel/negotiate.html
> : <quote>Since we don't have any SPNEGO implementation we are using
> directly Kerberos implementation of GSS API". </quote> . I don't know
> if spnego has been added since then.
I answer to my own question here. According to the tutorial
http://www.grolmsnet.de/kerbtut/ (Using mod_auth_kerb and Windows
2000/2003 as KDC), mod_auth_kerb can serve IE clients. So I guess it
must be able to handle SPNEGO.
Cheers,
Denis
>
> The interesting bit is that the same people have developped an apache
> authentication module corresponding to the mozilla negotiation
> implementation (http://modauthkerb.sourceforge.net/index.html) .
> Please correct me if I'm wrong, but a apache auth module and a squid
> auth helper should be quite similar, shouldn't it? Current maintainer
> of the apache kerberos auth module is Daniel Kouril, who is
> working/studying in a Czesk university. He is working on the myproxy
> project, whose goal is to ease the authentication/authorization
> management using certificates, especially in grid computing
> environement. I'll drop him an email to see if he is interested to
> collaborate with the squid community.
>
> Cheers,
>
> Denis
>
>
>
>> Regards
>> Henrik
>>
>
>
-- Denis Cardon Tranquil IT Systems 10 rue du Docteur Bouchard 49400 Saumur tel : +33 (0) 2.41.67.56.99 fax : +33 (0) 2.40.56.09.81 mob : +33 (0) 6 81 66 27 62 http://www.tranquil-it-systems.frReceived on Tue Jan 02 2007 - 04:02:57 MST
This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:00 MST