Squid/Kerberos authentication with only Linux
Posted
by
user28362
on Server Fault
See other posts from Server Fault
or by user28362
Published on 2010-09-23T08:15:32Z
Indexed on
2011/01/03
19:55 UTC
Read the original article
Hit count: 323
Hi,
I would like to know if it possible to let a Windows Xp machine authenticate to Squid (Linux) using Kerberos without the need of an Active Directory domain.
I only want to create a Kerberos ticket on the client side, which should give the client access to squid (using I.E.).
I only found tutorials about configuring A.D./Squid, not an environment with only Linux servers.
Thanks
Update:
The kerberos setup is correctly done, the proxy and client can get tickets.
As for the browser (FF/IE), I get:
ERROR
Cache Access Denied
While trying to retrieve the URL: http://www.google.com/
The following error was encountered:
* Cache Access Denied.
Sorry, you are not currently allowed to request:
http://www.google.com/
from this cache until you have authenticated yourself.
In kerberos, I get:
squid_kerb_auth: Got 'YR ElRNTVMTUABBAABAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgDAAAADw==' from squid (length: 59).
squid_kerb_auth: parseNegTokenInit failed with rc=101
squid_kerb_auth: received type 1 NTLM token
This message is strange, as I didn't configure NTLM. It looks like the browser uses the wrong authentication methode.
© Server Fault or respective owner