It consumes the data for its graphs from a REST API via HTTP, on ports in the 8000-9000 range.
On Wed, Mar 14, 2018 at 8:43 PM, Enrico Heine <flashd...@data-core.org> wrote: > Which protocols and ports is that GUI tool using for what it's doing with > it's remote endpoint that requires kerberos authentication? > > Am 14. März 2018 19:27:48 MEZ schrieb Patrick Nick <peedee.n...@gmail.com > >: >> >> Hi Enrico, >> >> You write >> >>> But squid cannot authenticate those requests on the destination server >>> if it needs authentication as well. >> >> >> So how do I make it NOT need authentication? >> I want it to authenticate the request on behalf of the client, so that my >> client app does not need to authenticate. >> Squid can use the keytab that I give it for that. >> >> >> On Wed, Mar 14, 2018 at 7:22 PM, Enrico Heine <flashd...@data-core.org> >> wrote: >> >>> Hi, >>> >>> Easy going, you can allow traffic from a specific source or traffic to a >>> specific destination before you require authentication on the proxy. You >>> can also restrict it to both, src and destination and additionaly specific >>> ports. But squid cannot authenticate those requests on the destination >>> server if it needs authentication as well. >>> >>> Best regards, >>> Enrico >>> >>> >>> Am 14. März 2018 18:58:54 MEZ schrieb Patrick Nick < >>> peedee.n...@gmail.com>: >>>> >>>> Hello list, >>>> >>>> We are in the process of Kerberizing our Big Data operation, but we >>>> have a GUI tool in use that is not capable of Kerberos authentication. I'm >>>> looking for a way to keep using it, which means that it needs to read data >>>> from a Kerberos-protected service. >>>> >>>> To be clear, I'm looking for a proxy that will take care of the >>>> authentication so that our GUI tool does not need to know. It should >>>> "enrich" the client's "dumb" request to an authenticated request. This >>>> lowers security of course, but I will use other means to make sure that >>>> only that app can talk to the proxy on the network. >>>> >>>> I looked into nginx but didn't find a way to do what I want. >>>> >>>> Can squid do this? >>>> I've been trying some configs according to >>>> https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos, but >>>> it seems that it always wants to pass the "negotiate" request to the >>>> client, which I'm trying to avoid. >>>> >>> >>> -- >>> Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. >>> >> >> > -- > Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet. >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
