Hello all,
I have written an external auth helper which returns OK
user=external username in case of a positive authentication result.
I would think that I could use this external username - which in
case of LDAP authentication would be the user's DN - in other
external_acl_type acls as the
The reason is simple. My auth helper reads values (realm:password or
only password) from a certain LDAP attribute, matches one of these
values and then uses the match to compute H(A1). Now, we have
customers whose LDAP attributes only store the password (in
clear-text) and thus they have no
Hi Henrik,
I am not sure what your point is so I'll be trying to make my point
again. First of all, the RFC specifies the realm to be a quoted-string
as you can see here:
realm = realm = realm-value
realm-value = quoted-string
In the whole RFC there is no statement that says the realm has to
by themselves. We want to
support this latter case as well and the empty realm would make that a
lot easier.
Regards,
Khaled
2010/6/22 Henrik Nordström hen...@henriknordstrom.net:
tis 2010-06-22 klockan 00:22 +0200 skrev Khaled Blah:
That's not completely true. RFC 2617 states that the realm
Hello all,
I'd like to give Squid an empty realm as the realm for basic/digest
authentication but Squid quits with a message similar to this:
FATAL: Bungled squid.conf line xxx: auth_param digest realm. Maybe I
am doing something wrong but I can't get the empty realm working.
Can anyone here
I just tried leaving the auth_param digest realm statement away and
then squid used Squid proxy-caching web server as the realm. I am
using squid 2.7. Does Squid support empty realm in versions 2.7?
2010/6/15 Khaled Blah khaled.b...@googlemail.com:
Hello all,
I'd like to give Squid an empty
Hi Nick,
what I don't get in your question is this: if squid is already joined
to your domain as squid1, why create another machine account auth1?
Maybe I missed out on something.
Your msktutil parameters look fine though.
Regards,
Khaled
2010/4/14 Nick Cairncross
Hi Bilal,
1. ktpass and msktutil practically do the same, they create keytabs
which include the keys that squid will need to decrypt the ticket it
receives from the user. However ktpass only creates a file which you
will then have to securely transfer to your proxy server so that squid
can access
I forgot this link to an Example configuration:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
2010/4/8 Khaled Blah khaled.b...@googlemail.com:
Hi Bilal,
1. ktpass and msktutil practically do the same, they create keytabs
which include the keys that squid will need
2010/3/30 Amos Jeffries squ...@treenet.co.nz:
Markus Moeller wrote:
I may misunderstood what you said, but there is no caching of
authentication for Kerberos nor Basic/Digest. I think the TTL you talk about
is for authorisation.
Markus
Quite right.
Amos
Khaled Blah khaled.b
credentials,
he or she will not be re-verified with the helper's help until the TTL
has passed, right? So what am I missing here?
Thx in advance for any insight you can give me on this!
Khaled
2010/3/28 Khaled Blah khaled.b...@googlemail.com:
Thx a lot for your answer, Amos! You are of course right
Hi all,
I'm developing an authentication helper (Negotiate/NTLM) for squid and
I am trying to understand more how squid handles this process
internally. Most of all I'd like to know how and how long squid caches
authentication results. I have looked at the debug logs and they show
that squid
Hi all,
I'm developing an authentication helper (Negotiate/NTLM) for squid and
I am trying to understand more how squid handles this process
internally. Most of all I'd like to know how and how long squid caches
authentication results. I have looked at the debug logs and they show
that squid
Hi all,
I'm developing an authentication helper (Negotiate/NTLM) for squid and
I am trying to understand more how squid handles this process
internally. Most of all I'd like to know how and how long squid caches
authentication results. I have looked at the debug logs and they show
that squid
Hi all,
I'm developing an authentication helper (Negotiate/NTLM) for squid and
I am trying to understand more how squid handles this process
internally. Most of all I'd like to know how and how long squid caches
authentication results. I have looked at the debug logs and they show
that squid
whether that means that Squid cannot use
SPNEGO based proxy authentication or that a client cannot HTTP
authenticate to a target through a proxy. I found the RFC to be ambigous
concerning this.
I'd be glad if you could enlighten me concerning this question.
Thanks a lot!
--
Khaled Blah
khaled.b
...@henriknordstrom.net
An: Khaled Blah khaled.b...@gmx.de
CC: squid-users@squid-cache.org
Betreff: Re: [squid-users] Active Directory Single Sign-on
tor 2010-02-18 klockan 10:30 +0100 skrev Khaled Blah:
This mechanism is not used for HTTP authentication to HTTP proxies.
Does that mean HTTP
17 matches
Mail list logo