[squid-users] squid 5.1: Kerberos: Unable to switch to basic auth with Edge - IE - Chrome
Amos Jeffries
squid3 at treenet.co.nz
Tue Sep 21 00:49:21 UTC 2021
On 21/09/21 11:49 am, David Touzeau wrote:
>
> When edge, chrome and IE try to establish a session, Squid claim
>
> 2021/09/21 01:17:27 kid1| ERROR: Negotiate Authentication validating
> user. Result: {result=BH, notes={message: received type 1 NTLM token; }}
>
> This let us understanding that these 3 browsers try NTLM instead of a
> Basic Authentication.
>
> I did not know why these browsers using NTLM as they did not connected
> to the Windows domain
Unlike Kerberos, NTLM does not require the machine to be connected to a
domain to have credentials. AFAIK the browser still has access to the
localhost user credentials for use in NTLM. Or the machine may even be
trying to use the Basic auth credentials as LM tokens with NTLM scheme.
> Why squid never get the Basic Authentication credentials. ?
>
That is a Browser decision. All Squid can do is offer the schemes it
supports and they have to choose which is used.
> Did i miss something ?
With Squid-5 you can use the auth_schemes directive to workaround issues
like this.
<http://www.squid-cache.org/Versions/v5/cfgman/auth_schemes.html>
Amos
More information about the squid-users
mailing list