Re: [squid-users] kerberos auth does not work for ftp traffic?

From: Amos Jeffries <>
Date: Wed, 17 Apr 2013 19:53:09 +1200

On 17/04/2013 6:56 p.m., Sean Boran wrote:
> Hi,
> Kerberos is authenticating http/s traffic for me from certain client
> addresses just fine.
> However ftp is being rejected, does the browser+squid not auth ftp in
> the same way as http?
> If ftp does work with kerberos, is there a way (ACL) that ftp traffic
> can be excluded from kerberos auth?
> Thanks in advance,
> Sean

FTP protocol only supports a form of Basic authentication. So Squid maps
FTP server authentication to www-auth headers as Basic scheme.

The link between client and Squid is of course HTTP and can use the full
range of HTTP schemes normally.

The two levels of authentication, client->server and client->squid are
completely independent so the client can login with Negotiate/Kerberos
to the proxy and Basic to the FTP server simultaeneously. The main
problems are lack of proper HTTP support (or just Kerberos support) in
FTP clients which claim to support HTTP proxies.

Received on Wed Apr 17 2013 - 07:53:19 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 17 2013 - 12:00:04 MDT