[squid-users] Squid, Kerberos and FireFox (Was: Re: leaking memory in squid 3.4.8 and 3.4.7.)
Victor Sudakov
sudakov at sibptus.tomsk.ru
Mon Oct 6 04:07:25 UTC 2014
Rafael Akchurin wrote:
> I believe I do (but you made me doubt:)
>
Well, I have tried negotiate_kerberos_auth with Firefox (Windows) and
they don't work together. I am attaching a packet dump which boils
down basically to the following:
1. proxy.sibptus.transneft.ru:3131 is configured in Firefox (new clean
profile) as a proxy server for all protocols.
2. Firefox receives an "HTTP/1.1 407 Proxy Authentication Required"
with the "Proxy-Authenticate: Negotiate" header.
3. A Kerberos ticket is requested by the Windows host from the domain
controller for 'df at SIBPTUS' or some such odd principal instead of
something like 'HTTP/proxy.sibptus.transneft.ru at SIBPTUS.TRANSNEFT.RU'.
4. The domain controller predictably responds with 'PRINCIPAL UNKNOWN'
and proxy authentication fails.
WTF is 'df at SIBPTUS' I have not the slightest idea.
Any suggestions are welcome.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
-------------- next part --------------
A non-text attachment was scrubbed...
Name: r.pcap.gz
Type: application/gzip
Size: 16426 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141006/70904567/attachment.bin>
More information about the squid-users
mailing list