I have a network of Linux machines that all use Kerberos to authenticate
and then use those Kerberos tickets for other network services including
squid 3[.2]. This all works swimmingly.
Now enter the first Windows machine onto the network. It's Windows 8
FWIW.
I don't really care for this machine to have SSO, or join domains, etc.
so there is no AD and not even any Samba, because for what this machine
wants to do (surf the Internet through Squid 3), Samba and domains, etc.
is overkill.
So I assume then when authenticating from say a browser on this Windows
machine to Squid, Negotiate is of no use. Is that right? Would I need
at least Samba and domain joining to be able to use Negotiate with
Windows [browsers]? If so, let's pass on that.
Next up, Basic authentication. That works. If I remove the "auth_param
negotiate" configuration from my Squid installation and just leave it
with the "auth_param basic" configuration, the Windows machine is able
to authenticate and use the proxy.
So, if it's true that I need additional overhead like Samba to use
Negotiate with Windows, and so must use Basic auth for Windows, how do I
prevent squid from offering Negotiate as an authentication method to
Windows clients without removing the "auth_param negotiate"
configuration altogether?
Cheers,
b.
This archive was generated by hypermail 2.2.0 : Fri Dec 20 2013 - 12:00:06 MST