Squid/Kerberos authentication with only Linux

Posted by user28362 on Server Fault See other posts from Server Fault or by user28362
Published on 2010-09-23T08:15:32Z Indexed on 2011/01/03 19:55 UTC
Read the original article Hit count: 382

Filed under:

linux

|

squid

|

kerberos

|

proxy-authentication

Hi,

I would like to know if it possible to let a Windows Xp machine authenticate to Squid (Linux) using Kerberos without the need of an Active Directory domain.

I only want to create a Kerberos ticket on the client side, which should give the client access to squid (using I.E.).

I only found tutorials about configuring A.D./Squid, not an environment with only Linux servers.

Thanks

Update:

The kerberos setup is correctly done, the proxy and client can get tickets.

As for the browser (FF/IE), I get:

ERROR
Cache Access Denied

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:

    * Cache Access Denied. 

Sorry, you are not currently allowed to request:

    http://www.google.com/

from this cache until you have authenticated yourself.

In kerberos, I get:

squid_kerb_auth: Got 'YR ElRNTVMTUABBAABAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgDAAAADw==' from squid (length: 59).
squid_kerb_auth: parseNegTokenInit failed with rc=101
squid_kerb_auth: received type 1 NTLM token

This message is strange, as I didn't configure NTLM. It looks like the browser uses the wrong authentication methode.

© Server Fault or respective owner

Related posts about linux

apt-get install and update fail

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I've got a problem with apt-get update and apt-get install ... commands . every time update or installing fails and errors are : Get:1 http://dl.google.com stable Release.gpg [198B] Ign http://dl.google.com/linux/chrome/deb/ stable/main Translation-en_US Get:2 http://dl… >>> More
kernel module compiling error

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
sh@ubuntu:/home/ccpp/helloworld$ make gcc-4.6 -O2 -DMODULE -D_KERNEL_ -W -Wall -Wstrict-prototypes -Wmissing-prototypes -isystem /lib/modules/`uname -r`/build/include -c -o hello-1.o hello-1.c hello-1.c:4:0: warning: "MODULE" redefined [enabled by default] <command-line>:0:0: note: this is… >>> More
Build-Essentials installation failing

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am having trouble accessing the several critical header files that show to be a part of the build process. The "Ubuntu Software Center" shows "Build Essentials" as installed: Next I did the following two commands, which did not improve the problem: ~$ sudo apt-get install build-essential [sudo]… >>> More
Updating Debian kernel

as seen on Super User - Search for 'Super User'
I'm trying to update my Debian machine to 2.6.32-46 (which is the new stable). However, after doing apt-get update my apt-cache search linux-image shows me: linux-headers-2.6.32-5-486 - Header files for Linux 2.6.32-5-486 linux-headers-2.6.32-5-686-bigmem - Header files for Linux 2.6.32-5-686-bigmem linux-headers-2… >>> More
Serial connection over a single USB cable (Windows to linux, or linux to linux)

as seen on Server Fault - Search for 'Server Fault'
I'm helping out with a project for an embedded device that only has USB and no serial. This device is running Linux. These days, when we need to connect to a serial port on a device we typically use a USB to serial adapter (on something like a phone system or a load balancing device, etc). I would… >>> More

Related posts about squid

Squid external_acl_type Cannot run process

as seen on Server Fault - Search for 'Server Fault'
I want to restrict uploading for group of the users via squid. So I've choosen to use external_acl_type but after reload of the squid it returns error. WARNING: Cannot run '/usr/local/etc/squid/lists/newupload.sh' process. Permissions of newupload.sh and squid are the same. newupload.sh is executive… >>> More
SquidProxy status:Unknow job :Squid

as seen on Super User - Search for 'Super User'
I have an issue in Centos 6.3. I installed Squid from compressed source archives(.tar.gz), I create an /etc/init.d/squid file, that run well because I view with the command ps -aux, that is running: root 2153 0.0 0.0 8920 1536 ? Ss 13:52 0:00 /opt/squid/squid-3.2/sbin/squid squid 2155 0.0 0… >>> More
squid ssl bump sslv3 enforce to allow old sites

as seen on Server Fault - Search for 'Server Fault'
Important: I have this question on stackoverflow but somebody told me this is more relevant place for this question. Thanks I have configured squid(3.4.2) as ssl bumped proxy. I am setting proxy in firefox(29) to use squid for https/http. Now it works for most sites, but some sites which support… >>> More
Accessing Squid Proxy over internet

as seen on Server Fault - Search for 'Server Fault'
Hi, I recently finished installing Squid on a VPS I have in the US and its working fine locally (I verified by setting http_proxy variable and using lynx). I want to access this proxy over the internet (as an anonymizer) so that I can see how some ads show up for US traffic on my website. I have… >>> More
Accessing Squid Proxy over internet

as seen on Server Fault - Search for 'Server Fault'
Hi, I recently finished installing Squid on a VPS I have in the US and its working fine locally (I verified by setting http_proxy variable and using lynx). I want to access this proxy over the internet (as an anonymizer) so that I can see how some ads show up for US traffic on my website. I have… >>> More