RE: [squid-users] Login Popups on Windows XP with squid_kerb_auth and external acl

From: Игорь Потапов <potapoviv_at_vnipigaz.gazprom.ru>
Date: Wed, 14 Mar 2012 15:51:50 +0400

I've found failing component. It’s external_acl_type with the %LOGIN parameter. It starts some kind of authentification if it thinks user is not authenticated. And that procedure force IE on XP to open login window. I think theat procedure is different one than in squid_kerb_auth' ACL.
How can I help to determine root cause if this issue?

> -----Original Message-----
> From: Игорь Потапов [mailto:potapoviv_at_vnipigaz.gazprom.ru]
> Sent: Tuesday, March 13, 2012 10:44 AM
> To: squid-users_at_squid-cache.org
> Subject: [squid-users] Login Popups on Windows XP with squid_kerb_auth and external acl
>
> Hi.
> squid is 3.1.19 on FreeBSD 8.2 with MIT kerberos. squid_kerb_auth is in use as the only
> auth scheme. Have some external acl to check authorization in mysql db. On machines
> running XP SP2 with IE8 (enabled Windows Intergrated Auth) sometimes authentication
> windows popup. I think this is happening if some request is denied by external auth
> script. If I hit Cancel page loads further. On Windows 7 see no such behavior.
> Config is here http://pastebin.com/QyCiha8Q Here is external auth script
> http://pastebin.com/LiAmniSz I think IE8 on XP sometimes doesn't send Authorization and
> asks for it. Or falls back to NTLM. I've made some workarounds to disable login windows
> but on XP they appear.
> Can I force IE8 on XP to use only negotiate/Kerberos?
Received on Wed Mar 14 2012 - 11:52:00 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 15 2012 - 12:00:02 MDT