On 10/13/21 1:48 PM, Markus Moeller wrote:
The problem lies more in the way how Kerberos proxy authentication works. The client uses the proxy name to create a ticket and in this case it would be the name of the first proxy e.g. proxy1.internal. The first proxy will pass it through to the authenticating proxy for authentication proxy2.internal.
My understanding is that there is a way that a Kerberized service (proxy1 in this case) could act as a Kerberos protocol proxy agent (of sorts) and ask for a special type of Kerberos ticket on behalf of the client (client0) asking it (proxy1) for service which it (proxy1) would use when forwarding connections on to another host (proxy2 in this case). Is my general understanding of Kerberos wrong?
Does Squid support such Kerberos protocol proxy agent (term?) support? -- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
