[squid-users] parent_proxy kerberos authentication logging
Amos Jeffries
squid3 at treenet.co.nz
Wed Mar 9 11:41:13 UTC 2016
On 9/03/2016 2:08 a.m., Johnatan wrote:
> Hello there,
>
> I have 2 proxy.
> On the first, I perform a Kerberos authentication from my users.
> On the parent proxy I want to retrieve the login (username) information.
> I don't want to perform a real authentication on the parent proxy so I have
> already tested the documentation with the dummy authentication but it
> doesn't seem to work for kerberos authentication.
> Is there a way for the parent proxy to get the username from my child proxy?
>
Lets be clear: Negotiate/Kerberos authenticates the *TCP connection*.
The single one between the client and your first proxy. The
authentication is *invalid* on any other connection the message travels
over.
This is the main way that Negotiate still violates HTTP messaging
requirements.
Now thats out of the way. The username can be passed on to the second
proxy using simpler Basic auth:
cache_peer ... login=*:foo
Where "foo" is a fake password. The receiving proxy will still need to
perform authentication (with basic_fake_auth helper) to get access to
the username info.
Amos
More information about the squid-users
mailing list