Authenticate client to Squid Proxy with Negotiate- Kerberos

Question

My client machine is communicating with squid proxy by Basic Authentication mode. In Basic Authentication client is passing an authentication header like below to proxy

{+add-header{Proxy-Authorization: Basic dGNvZTE6dGNvZTE=}}

Since the basic authentication is weak i have to move my authentication to Negotiate / Kerberos .

Can anybody suggest me how client will communicate with proxy ? What are all the information i have to pass? Proxy-Authorization header is required or not? if required what i should pass as param ? Note : I am not familiar with these configurations , most of the sources in the internet are not taking me in the right direction.

Recently i have read a thread The Story of secure user-authentication in squid In that i read a comment by @gravity , @gravity mentioned he has implemented that already. Please suggest me a solution.

I think the answer you want is basically that found in https://stackoverflow.com/questions/4265975/authentication-issues-with-www-authenticate-negotiate : there is no equivalent header to the one you show for Negotiate. — iwaseatenbyagrue, Apr 02 '17 at 11:21

score 2 · Answer 1 · answered Apr 12 '17 at 07:55

2

you need to use the follow squid docs on kerberos

If you do not have to deal with an AD kerberos realm, the steps could be somewhat different, but the gist of it will be the same.

answered Apr 12 '17 at 07:55

natxo asenjo

5,641
2
25
27

also https://www.freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On – Jacob Evans Feb 23 '18 at 19:10

Authenticate client to Squid Proxy with Negotiate- Kerberos

1 Answers1