[squid-users] Squid as Kerberos client?

Patrick Nick peedee.nick at gmail.com
Wed Mar 14 17:58:54 UTC 2018


Hello list,

We are in the process of Kerberizing our Big Data operation, but we have a
GUI tool in use that is not capable of Kerberos authentication. I'm looking
for a way to keep using it, which means that it needs to read data from a
Kerberos-protected service.

To be clear, I'm looking for a proxy that will take care of the
authentication so that our GUI tool does not need to know. It should
"enrich" the client's "dumb" request to an authenticated request. This
lowers security of course, but I will use other means to make sure that
only that app can talk to the proxy on the network.

I looked into nginx but didn't find a way to do what I want.

Can squid do this?
I've been trying some configs according to
https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos, but it
seems that it always wants to pass the "negotiate" request to the client,
which I'm trying to avoid.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180314/dc20961a/attachment-0001.html>


More information about the squid-users mailing list