Squid/Kerberos authentication with only Linux

Posted by user28362 on Server Fault See other posts from Server Fault or by user28362
Published on 2010-09-23T08:15:32Z Indexed on 2011/01/03 19:55 UTC
Read the original article Hit count: 323

Hi,

I would like to know if it possible to let a Windows Xp machine authenticate to Squid (Linux) using Kerberos without the need of an Active Directory domain.

I only want to create a Kerberos ticket on the client side, which should give the client access to squid (using I.E.).

I only found tutorials about configuring A.D./Squid, not an environment with only Linux servers.

Thanks

Update:

The kerberos setup is correctly done, the proxy and client can get tickets.

As for the browser (FF/IE), I get:

ERROR
Cache Access Denied

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:

    * Cache Access Denied. 

Sorry, you are not currently allowed to request:

    http://www.google.com/

from this cache until you have authenticated yourself. 

In kerberos, I get:

squid_kerb_auth: Got 'YR ElRNTVMTUABBAABAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgDAAAADw==' from squid (length: 59).
squid_kerb_auth: parseNegTokenInit failed with rc=101
squid_kerb_auth: received type 1 NTLM token

This message is strange, as I didn't configure NTLM. It looks like the browser uses the wrong authentication methode.

© Server Fault or respective owner

Related posts about linux

Related posts about squid