[squid-users] Squid as Kerberos client?
Enrico Heine
flashdown at data-core.org
Wed Mar 14 19:43:30 UTC 2018
Which protocols and ports is that GUI tool using for what it's doing with it's remote endpoint that requires kerberos authentication?
Am 14. März 2018 19:27:48 MEZ schrieb Patrick Nick <peedee.nick at gmail.com>:
>Hi Enrico,
>
>You write
>
>> But squid cannot authenticate those requests on the destination
>server if
>> it needs authentication as well.
>
>
>So how do I make it NOT need authentication?
>I want it to authenticate the request on behalf of the client, so that
>my
>client app does not need to authenticate.
>Squid can use the keytab that I give it for that.
>
>
>On Wed, Mar 14, 2018 at 7:22 PM, Enrico Heine <flashdown at data-core.org>
>wrote:
>
>> Hi,
>>
>> Easy going, you can allow traffic from a specific source or traffic
>to a
>> specific destination before you require authentication on the proxy.
>You
>> can also restrict it to both, src and destination and additionaly
>specific
>> ports. But squid cannot authenticate those requests on the
>destination
>> server if it needs authentication as well.
>>
>> Best regards,
>> Enrico
>>
>>
>> Am 14. März 2018 18:58:54 MEZ schrieb Patrick Nick
><peedee.nick at gmail.com
>> >:
>>>
>>> Hello list,
>>>
>>> We are in the process of Kerberizing our Big Data operation, but we
>have
>>> a GUI tool in use that is not capable of Kerberos authentication.
>I'm
>>> looking for a way to keep using it, which means that it needs to
>read data
>>> from a Kerberos-protected service.
>>>
>>> To be clear, I'm looking for a proxy that will take care of the
>>> authentication so that our GUI tool does not need to know. It should
>>> "enrich" the client's "dumb" request to an authenticated request.
>This
>>> lowers security of course, but I will use other means to make sure
>that
>>> only that app can talk to the proxy on the network.
>>>
>>> I looked into nginx but didn't find a way to do what I want.
>>>
>>> Can squid do this?
>>> I've been trying some configs according to
>https://wiki.squid-cache.org/
>>> ConfigExamples/Authenticate/Kerberos, but it seems that it always
>wants
>>> to pass the "negotiate" request to the client, which I'm trying to
>avoid.
>>>
>>
>> --
>> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
>>
--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180314/e4bc7e21/attachment.html>
More information about the squid-users
mailing list