[squid-users] Squid as Kerberos client?
Enrico Heine
flashdown at data-core.org
Wed Mar 14 18:22:30 UTC 2018
Hi,
Easy going, you can allow traffic from a specific source or traffic to a specific destination before you require authentication on the proxy. You can also restrict it to both, src and destination and additionaly specific ports. But squid cannot authenticate those requests on the destination server if it needs authentication as well.
Best regards,
Enrico
Am 14. März 2018 18:58:54 MEZ schrieb Patrick Nick <peedee.nick at gmail.com>:
>Hello list,
>
>We are in the process of Kerberizing our Big Data operation, but we
>have a
>GUI tool in use that is not capable of Kerberos authentication. I'm
>looking
>for a way to keep using it, which means that it needs to read data from
>a
>Kerberos-protected service.
>
>To be clear, I'm looking for a proxy that will take care of the
>authentication so that our GUI tool does not need to know. It should
>"enrich" the client's "dumb" request to an authenticated request. This
>lowers security of course, but I will use other means to make sure that
>only that app can talk to the proxy on the network.
>
>I looked into nginx but didn't find a way to do what I want.
>
>Can squid do this?
>I've been trying some configs according to
>https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos, but
>it
>seems that it always wants to pass the "negotiate" request to the
>client,
>which I'm trying to avoid.
--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180314/57aa9d0a/attachment.html>
More information about the squid-users
mailing list