On 17/08/21 6:25 pm, 易铭 wrote:
Dear all,

I have two questions about cache for squid authentication.

1. Can I skip authentication for a certain period of time after I've authenticated once?

When I do the following, the authentication screen appears.

Start browser -> access site after authentication (Kerberos authentication) -> close browser -> start another application (LDAP authentication)


Negotiate/Kerberos authentication authenticates the TCP connection. All messages on that connection require the Kerberos tokens to prove it is valid on that connection.


So, even using Kerberos and LDAP auth at the same time, I want to skip the authentication process by clientIPaddress, etc.


This is authorization *not* authentication.


2. About authentication data passing in NTLM authentication on website.


NTLM, just like Negotiate/Kerberos authenticates the TCP connection and requires all messages to have teh appropriate tokens.


SingleSignOn is not working for some sites with NTLM authentication.


That is a Browser issue. "single sign-on" is a behaviour of clients, where they choose to send the same credentials to all services. It has nothing to do with the service like Squid.


For example, when the authentication pop-up message appears, you can enter the auth information to access the page, but if you visit a different URL, you will be prompted to authenticate again.

Can someone give me some advice?


The client doing that is broken or confused.

Maybe the confusion happened because of your mixed up squid config rules. Or maybe not. You have not provided any information about your squid.conf, network topology, or how the clients are using the proxy - so we cannot tell.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to