Re: [squid-users] Kerberos, squid and IE8 with windows integrated validation

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 21 Jun 2013 02:23:09 +1200

On 20/06/2013 11:54 p.m., SPG wrote:
> Hi,
>
> I have integrated squid with kerberos and all work fine. When I open the IE
> 8 never ask by the password, because I activate in web browser integrated
> windows authentication. But I need that squid ask for the password because
> some web get the user and password of windows domain and deny access.

"some web" ... what are "web" ?

If you mean "websites", that is nothing to do with Squid. Authentication
to websites is completely separate mechanism in HTTP to authentication
with proxies. Squid does not touch the www-auth headers for
authentication with websites, and websites do not even receive
proxy-auth headers with credentials for the proxy.

> If I
> deactivate the option in web browser, the proxy give me a error because I
> don't have persmission for access to cache, but not ask me for the password
> for authenticate

What error exactly?

NOTE: "asking for the password" is a browser feature. When it receives a
407 code from Squid it is expected to locate credentials - nothing more.
When Windows integrated auth is enabled the browser is given permission
to use the logged in user credentials, or the machines hardware
credentials (if any are assigned the machine).

Amos
Received on Thu Jun 20 2013 - 14:23:25 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 21 2013 - 12:00:36 MDT