[squid-users] Re: ISA Server 2006 as cache_peer for Squid 2.6 using Kerberos or NTLMv2 authentication from Markus Moeller on 2007-06-30 (squid-users)

From: Markus Moeller <huaraz@dont-contact.us>
Date: Sat, 30 Jun 2007 16:40:01 +0100

I created a small helper program squid_kerb_proxy_auth which can be found at
http://squidkerbauth.cvs.sourceforge.net/squidkerbauth/

It creates a base 64 encoded GSSAPI token (I think the ISA server accepts
GSSAPI and SPNEGO token, if not I can convert if reuired).
./squid_kerb_proxy_auth -k mm.keytab -p markus@SUSE.HOME -P
opensuse.suse.home
2007/06/30 16:37:38| squid_kerb_proxy_auth: Token:
YIICCQYJKoZIhvcSAQICAQBuggH4MIIB9KADAgEFoQMCAQ6iBwMFACAAAACjggEhYYIBHTCCARmgAwIBBaELGwlTVVNFLkhPTUWiJTAjoAMCAQGhHDAaGwRIVFRQGxJvcGVuc3VzZS5zdXNlLmhvbWWjgd0wgdqgAwIBF6EDAgEEooHNBIHKES4hqFdcNyLv0TjCts2L3bm1uQloST5Mhi2BJEhRw4AKVoDKwE8Y6XPssG5VVXjQyqcBjfKJ1hcsCFQ/b60BJ2l4e1L93Pzv4mLn/QnmpOYI4Z8YyBUd2t013HS6JEGgNBaQyEnlU8tZwxFOicPPooH/k3l0RcdmORqqWvE1G8K4AjjyPPzhZseFjeCUjXZhYnZ2szSVgeDahG0NSLaSPuQoHB7uhPV6bV8FwtkOSpI0RqiUJaEIlj7jzgRPXKfJnZyCCCqpOoB7eaSBuTCBtqADAgEXooGuBIGrH7kJYA/g59AYiPyw/ZtMOQ9YqXehJhNABV3zXWBwGboDrSJbive5I37CWleucMJBskteYhV5ikIitRW5L1aZJ+GSD0M/lRtwhbjeSigXqlNpxcZTRCVbyn0rtxNJTaCtWRKNgqNBdPJWw9IR5rNmiOL6fUNFf/RzbwBlm3ka8uaYHaREfJ6xnrjkXHXZuAEiOR4B39MDKaZGD/MX3FmhtdtuhP3QDqXO1KXx

If somebody can point me to the right point in the squid code I can create a
patch so that the token get send on a Proxy authentication: Negotiate
request.

Regards
Markus

"Wisskirchen, Dominik /Z22" <Dominik.Wisskirchen@bmbf.bund.de> wrote in
message
news:B23E3DD4D422AC469FB6DAD5E28D3FB401636504@s-bn-mx-03.epl30.intern...
Hello all,

Can I use a ISA Server 2006 as a cache_peer for Squid 2.6 using a
Kerberos or NTLMv2 authentication?

NTLM(v1) has been disabled due to security reasons.

I want the Squid proxy to use the ISA Server as an upstream server, but
the ISA Server only allows NTLMv2 or Kerberos authentication.

To clarify: I do NOT want clients of the Squid proxy to be
authenticated, only the Squid proxy itself shall authenticate to the ISA
Server.

(Kerberos/NTLMv2) (no authentication)
ISA 2006 -----------------Squid 2.6--------------------Clients (without
Kerberos/NTLMv2 support)

Thanks for any answers in advance
Dominik
Received on Sat Jun 30 2007 - 09:41:28 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:05 MDT