I would like to know if it is possible to let a Windows XP machine authenticate to Squid (Linux) using Kerberos without the need of an Active Directory domain.
I only want to create a Kerberos ticket on the client side, which should give the client access to squid (using I.E.).
I only found tutorials about configuring A.D./Squid, not an environment with only Linux servers.
Thanks
Update:
The kerberos setup is correctly done, the proxy and client can get tickets.
As for the browser (FF/IE), I get:
ERROR
Cache Access Denied
While trying to retrieve the URL: http://www.google.com/
The following error was encountered:
* Cache Access Denied.
Sorry, you are not currently allowed to request:
http://www.google.com/
from this cache until you have authenticated yourself.
In kerberos, I get:
squid_kerb_auth: Got 'YR ElRNTVMTUABBAABAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgDAAAADw==' from squid (length: 59).
squid_kerb_auth: parseNegTokenInit failed with rc=101
squid_kerb_auth: received type 1 NTLM token
This message is strange, as I didn't configure NTLM. It looks like the browser uses the wrong authentication method.
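The helper log above turns on what kind of blob the browser put in its Negotiate header. As an added example (not part of the original question or answer, and not squid_kerb_auth's own code), this Python sketch classifies the token on a "YR"/"KK" helper request line as raw NTLMSSP, SPNEGO, or raw Kerberos. The function names are hypothetical and the sample tokens are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")    # 1.2.840.113554.1.2.2
NTLM_OID = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10


def classify_token(b64_token):
    """Label the blob carried after 'Negotiate ' in the auth header."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except ValueError:
        return "invalid base64"
    if raw.startswith(NTLMSSP_SIG) and len(raw) >= 12:
        # Bytes 8..11 hold the little-endian NTLM message type (1, 2 or 3).
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return "raw NTLMSSP type %d" % msg_type
    if raw[:1] == b"\x60":  # GSS-API initial token, ASN.1 [APPLICATION 0]
        if SPNEGO_OID in raw[:16]:
            mechs = [name for name, oid in (("kerberos", KRB5_OID),
                                            ("ntlm", NTLM_OID)) if oid in raw]
            return "SPNEGO offering " + ("+".join(mechs) or "unknown mechs")
        if KRB5_OID in raw[:16]:
            return "raw Kerberos token"
    return "unrecognised"


def classify_helper_line(line):
    """Parse a 'YR <token>' or 'KK <token>' request sent to the helper."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2 or parts[0] not in ("YR", "KK"):
        return "not a helper request"
    return classify_token(parts[1])


def constructed_samples():
    """Constructed tokens: an NTLM type 1 and a minimal SPNEGO NegTokenInit."""
    ntlm = NTLMSSP_SIG + struct.pack("<II", 1, 0xA2088207) + bytes(16)
    mech_list = b"\x30\x0b" + KRB5_OID                 # SEQUENCE OF mechType
    neg_init = b"\xa0\x11\x30\x0f\xa0\x0d" + mech_list
    spnego = b"\x60\x1b" + SPNEGO_OID + neg_init
    return {"ntlm": "YR " + base64.b64encode(ntlm).decode(),
            "spnego": "YR " + base64.b64encode(spnego).decode()}


if __name__ == "__main__":
    for name, line in constructed_samples().items():
        print(name, "->", classify_helper_line(line))
```

A "raw NTLMSSP" result on the proxy side means the client never offered a Kerberos mechanism in that request, so the place to look is the client's ticket acquisition for the proxy's service principal rather than the Squid helper configuration.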
This seemed familiar and Google searching brought me back to ServerFault. Long story short, Micros*** extends Kerberos in a way that makes client authentication with alternative Kerberos implementations (e.g. MIT or Heimdal) not easily accomplished. This is why projects like pGina were created. That might be primarily for LDAP auth, but the cause will lead to you needing a similar result, namely coding your own custom GINA DLL to handle that kind of auth. If you find one that handles Kerberos, please let us know! I would be super-excited to use it and find out.