[squid-users] Squid 3 (20) Kerberos Authentication working except for Safari on Mac

Hi,

I've been working through Squid 3 STABLE 20 running on RHEL 5.3 with Samba
3-3.2.15 and want Kerberos authentication working for my IE7, FF on PC and
FF and Safari on my Mac OSX 11.5. I am only using the kerberos helper and
nothing else. I understand that all these will work out of the box with
Kerberos. I have a very basic squid.conf file, which insists on
authentication (with the standard POST, CONNECT exceptions etc)

You'll be pleased to know it's working OK for my WIN IE and FF and my Mac FF
- I see my authentication requests/web traffic on Cache.log and Access.log.
I'm v happy about it (and all the documentation to help!)

HOWEVER... my Safari (v4.0.4) is not working. I receive the CACHE ACCESS
denied page. I am sure I have had it working ok - on other test Squids! When
I try to browse the web from Mac Safari I don't see anything at all in the
logs - no prompts or anything. I have my System Prefs set to use a proxy of
the hostname of my Squid box, like my other configurations for FF and IE.

I then did a Wireshark trace and after my client's GET I see the following:
===
HTTP/1.0 407 Proxy Authentication Required\r\n
    Server: squid/3.0.STABLE20\r\n
    Mime-Version: 1.0\r\n
    Date: Mon, 22 Feb 2010 16:12:26 GMT\r\n
    Content-Type: text/html\r\n
    Content-Length: 2271
    X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\n
    Proxy-Authenticate: Negotiate\r\n
    X-Cache: MISS from RHNET4.[MYFQDN]\r\n
    X-Cache-Lookup: NONE from RHNET4.[MYFQDN]:8080\r\n
    Via: 1.0 RHNET4.[MYFQDN] (squid/3.0.STABLE20)\r\n
    Proxy-Connection: close\r\n
    \r\n

===

I don't see why Safari is breaking whereas all the others are not. Safari
supports Kerberos out of the box. If I change the helper from Kerberos to
NTLM then I am prompted for my username and login..but I want SSO with no
prompts :)

Thanks for your time,

nickcx

-- 
View this message in context: http://n4.nabble.com/Squid-3-20-Kerberos-Authentication-working-except-for-Safari-on-Mac-tp1564702p1564702.html
Sent from the Squid - Users mailing list archive at Nabble.com.