[squid-users] Squid > Kerberos authentication

From: Extra Fu <extrafu_at_gmail.com>
Date: Sat, 28 Nov 2009 17:44:40 -0500

Hello,

I'm considering dropping the use of NTLM in favor of Kerberos
(auth_param negotiate) to authenticate users against my AD 2003
server. To do this, I would like to use the squid_kerb_auth program.

Prior starting my work on this, I was wondering what would happen for
users not currently logged in on my domain controller (ie., users not
having a valid Kerberos ticket) - for example, users at home or Mac OS
X / Linux users? From my readings, Safari 3/4, Firefox 2+, IE7/8 all
seems to support Kerberos authentication to a Squid proxy but for
clients, it's not clear to me (after reading RFC4559) what will happen
if no ticket is present when the user goes through the Squid proxy.

Will it just fail?

Thanks for any light you can shine on this.

Best regards,
Received on Sat Nov 28 2009 - 22:44:43 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 30 2009 - 12:00:04 MST