[squid-users] Kerberos authentication with multiple squids
Grant Taylor
gtaylor at tnetconsulting.net
Sun Oct 17 16:57:10 UTC 2021
On 10/17/21 10:46 AM, Markus Moeller wrote:
> I see, I think this would mean using Basic Auth to proxy1 which then
> gets a Kerberos ticket for the user to authenticate to proxy2. This is
> possible, but I would not think it is a good secure option.
I think that we're now talking about the same function.
I don't think that HTTP's Basic (realm) Authentication is required.
My understanding is that you can use Kerberos from clinet0 to proxy1 and
that proxy1 can use the same mechanism to get a special ticket to
communicate from proxy1 to proxy2 as the original user.
The scenario I described in the last email was to stet the stage to
describe where the Kerberos protocol proxying was happening, not the
method in the client to server part.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20211017/fd1c3249/attachment.bin>
More information about the squid-users
mailing list