[squid-users] Unwanted authentication requests

Marek Greško marek.gresko at protonmail.com
Thu Sep 8 07:13:04 UTC 2022


Hello,

I have a setup that users in one vlan use kerberos authentication to the squid and users in second vlan are not kerberos aware. They are either allowed by ip address or use basic authentication. This setup was working quite well for a long time. Time to time users on the kerberos aware vlan got basic auth request which after pressing cancel disappeared. This happened maybe once a month without apparent reason.

But nowadays I observe the basic auth on the kerberos aware vlan very often without any change to policy. When looking into the logs it seems it is related to these logs:

NONE_NONE/000 0 - error:transaction-end-before-headers - HIER_NONE/- -

It seems the after connection crash brower receives another auth request and it thinks the kerberos was not successful and tries basic auth.

Is there some way to limit the use of basic auth only to the users on the second vlan and not present it to the users on the first vlan and vice versa? Or am I doing something wrong? Or do you have some suggestion what could happen that it appears so frequently now? Squid proxy update? Browser update (firefox)? I am using Fedora 36 with latest updates on both server and client when this happens.

I worked with Bluecoat proxies in the past and if I remember well there was separate policy layer for authentication. I cannot find such a thing in the squid proxy.

Thanks for suggestions.

Marek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220908/acfb35ce/attachment.htm>


More information about the squid-users mailing list