[squid-users] Squid, Kerberos and FireFox (Was: Re: leaking memory in squid 3.4.8 and 3.4.7.)
Victor Sudakov
sudakov at sibptus.tomsk.ru
Mon Oct 6 04:09:01 UTC 2014
And before I forget and before somebody asks. In Firefox:
network.negotiate-auth.allow-proxies=true
network.negotiate-auth.gsslib=""
network.negotiate-auth.using-native-gsslib=true
Victor Sudakov wrote:
> Rafael Akchurin wrote:
> > I believe I do (but you made me doubt:)
> >
>
> Well, I have tried negotiate_kerberos_auth with Firefox (Windows) and
> they don't work together. I am attaching a packet dump which boils
> down basically to the following:
>
> 1. proxy.sibptus.transneft.ru:3131 is configured in Firefox (new clean
> profile) as a proxy server for all protocols.
>
> 2. Firefox receives an "HTTP/1.1 407 Proxy Authentication Required"
> with the "Proxy-Authenticate: Negotiate" header.
>
> 3. A Kerberos ticket is requested by the Windows host from the domain
> controller for 'df at SIBPTUS' or some such odd principal instead of
> something like 'HTTP/proxy.sibptus.transneft.ru at SIBPTUS.TRANSNEFT.RU'.
>
> 4. The domain controller predictably responds with 'PRINCIPAL UNKNOWN'
> and proxy authentication fails.
>
> WTF is 'df at SIBPTUS' I have not the slightest idea.
>
> Any suggestions are welcome.
>
> --
> Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> sip:sudakov at sibptus.tomsk.ru
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the squid-users
mailing list