[squid-users] Kerberos authentication with multiple squids

Grant Taylor gtaylor at tnetconsulting.net
Thu Oct 14 17:49:04 UTC 2021


On 10/13/21 1:48 PM, Markus Moeller wrote:
> The problem lies more in the way how Kerberos proxy authentication 
> works. The client uses the proxy name to create a ticket and in this 
> case it would be the name of the first proxy e.g. proxy1.internal.  The 
> first proxy will pass it through to the authenticating proxy for 
> authentication proxy2.internal.

My understanding is that there is a way that a Kerberized service 
(proxy1 in this case) could act as a Kerberos protocol proxy agent (of 
sorts) and ask for a special type of Kerberos ticket on behalf of the 
client (client0) asking it (proxy1) for service which it (proxy1) would 
use when forwarding connections on to another host (proxy2 in this 
case).  Is my general understanding of Kerberos wrong?

Does Squid support such Kerberos protocol proxy agent (term?) support?



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20211014/d81449a3/attachment.bin>


More information about the squid-users mailing list