[squid-users] Kerberos authentication with multiple squids

Grant Taylor gtaylor at tnetconsulting.net
Sun Oct 17 16:57:10 UTC 2021


On 10/17/21 10:46 AM, Markus Moeller wrote:
> I see,  I think this would mean using Basic Auth to proxy1 which then 
> gets a Kerberos ticket for the user to authenticate to proxy2.  This is 
> possible, but I would not think it is a good secure option.

I think that we're now talking about the same function.

I don't think that HTTP's Basic (realm) Authentication is required.

My understanding is that you can use Kerberos from clinet0 to proxy1 and 
that proxy1 can use the same mechanism to get a special ticket to 
communicate from proxy1 to proxy2 as the original user.

The scenario I described in the last email was to stet the stage to 
describe where the Kerberos protocol proxying was happening, not the 
method in the client to server part.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20211017/fd1c3249/attachment.bin>


More information about the squid-users mailing list