[squid-users] Kerberos authentication with multiple squids

Grant Taylor gtaylor at tnetconsulting.net
Sun Oct 17 05:27:44 UTC 2021


On 10/16/21 1:31 PM, Markus Moeller wrote:
> I think you talk about a kdc proxy, which is for another case.

I don't think so.  I'm not talking about using a proxy to access the KDC.

I'm talking about using a component of the following scenario:

1)  Client uses traditional username and password to authenticate to an 
IMAP server.
2)  IMAP server uses the provided credentials to request some sort of 
ticket (I don't remember what type) on the user's behalf.
3)  IMAP server uses the ticket on the user's behalf to access the 
user's messages stored on an NFS server.

I'm suggesting that the proxy1 (from the other message) do something on 
the user's behalf to request a ticket for the user that proxy1 can then 
use to authenticate as the user to proxy2.

It's been quite a while since I've read about this so I may be 
completely wrong.  But I distinctly remember there was a way to have an 
intermediate (e.g. IMAP) server accept username and password from 
clients and access a backend file server on the client's behalf in such 
a way that the backend server saw normal kerberized connections.



-- 
Grant. . . .
unix || die
