On 17/04/2013 6:56 p.m., Sean Boran wrote:
> Hi,
>
> Kerberos is authenticating http/s traffic for me from certain client
> addresses just fine.
> However ftp is being rejected, does the browser+squid not auth ftp in
> the same way as http?
>
> If ftp does work with kerberos, is there a way (ACL) that ftp traffic
> can be excluded from kerberos auth?
>
> Thanks in advance,
>
> Sean
FTP protocol only supports a form of Basic authentication. So Squid maps
FTP server authentication to www-auth headers as Basic scheme.
The link between client and Squid is of course HTTP and can use the full
range of HTTP schemes normally.
The two levels of authentication, client->server and client->squid are
completely independent so the client can login with Negotiate/Kerberos
to the proxy and Basic to the FTP server simultaeneously. The main
problems are lack of proper HTTP support (or just Kerberos support) in
FTP clients which claim to support HTTP proxies.
Amos
Received on Wed Apr 17 2013 - 07:53:19 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 17 2013 - 12:00:04 MDT