Thanks Amos, this sounded promising. Unfortunately the behavior I observe is not what I expect. So I added the following config:
cache_peer my.company.webserver.net parent 8081 0 no-query login=NEGOTIATE:myPrincipal But now squid still does not do the SPNEGO negotiation. I can see in the logs that it connects to the specified "parent" cache_peer, which returns "401 Unauthorized" as expected. But then squid just returns that to the client instead of sending another request with the Kerberos ticket to complete the negotiation. Am I misunderstanding what's supposed to happen? Or am I not configuring it right? (The keytab is readable by the squid user) On Thu, Mar 15, 2018 at 9:44 AM, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 15/03/18 11:01, Patrick Nick wrote: > > It consumes the data for its graphs from a REST API via HTTP, on ports > > in the 8000-9000 range. > > > > Then you can use cache_peer from the proxy to the origin server. See the > "AUTHENTICATION OPTIONS" section for how to send various types of > credentials to that peer. > <http://www.squid-cache.org/Doc/config/cache_peer/> > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
