[squid-users] Squid as Kerberos client?

Patrick Nick peedee.nick at gmail.com
Wed Mar 14 18:27:48 UTC 2018 

Hi Enrico,

You write

> But squid cannot authenticate those requests on the destination server if
> it needs authentication as well.


So how do I make it NOT need authentication?
I want it to authenticate the request on behalf of the client, so that my
client app does not need to authenticate.
Squid can use the keytab that I give it for that.


On Wed, Mar 14, 2018 at 7:22 PM, Enrico Heine <flashdown at data-core.org>
wrote:

> Hi,
>
> Easy going, you can allow traffic from a specific source or traffic to a
> specific destination before you require authentication on the proxy. You
> can also restrict it to both, src and destination and additionaly specific
> ports. But squid cannot authenticate those requests on the destination
> server if it needs authentication as well.
>
> Best regards,
> Enrico
>
>
> Am 14. März 2018 18:58:54 MEZ schrieb Patrick Nick <peedee.nick at gmail.com
> >:
>>
>> Hello list,
>>
>> We are in the process of Kerberizing our Big Data operation, but we have
>> a GUI tool in use that is not capable of Kerberos authentication. I'm
>> looking for a way to keep using it, which means that it needs to read data
>> from a Kerberos-protected service.
>>
>> To be clear, I'm looking for a proxy that will take care of the
>> authentication so that our GUI tool does not need to know. It should
>> "enrich" the client's "dumb" request to an authenticated request. This
>> lowers security of course, but I will use other means to make sure that
>> only that app can talk to the proxy on the network.
>>
>> I looked into nginx but didn't find a way to do what I want.
>>
>> Can squid do this?
>> I've been trying some configs according to https://wiki.squid-cache.org/
>> ConfigExamples/Authenticate/Kerberos, but it seems that it always wants
>> to pass the "negotiate" request to the client, which I'm trying to avoid.
>>
>
> --
> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180314/1625872b/attachment.html>

More information about the squid-users mailing list