proxy authentication

Robert Nash Robert.Nash at
Mon Oct 9 11:45:57 EDT 2006

Hi All,


Like most companies we have a proxy that we use to get to the outside
world, what I want to do is get through that proxy from my UNIX server
(we use AIX) to an HTTP web service.


Here is what I'm doing at the moment (and how Kerberos fits into this),
I have a C++ program, 

1) I open a socket to the proxy@ port 80, 

2) Once connected I send the http command, "CONNECT HTTP/1.0\n\n"


3) The proxy responds with:

HTTP/1.1 407 Proxy Authentication Required (The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service is
denied. )

Via:1.1 WISA1

Proxy-Authenticate: NTLM

Proxy-Authenticate: Kerberos

Proxy-Authenticate: Negotiate


*** from what I understand the proxy is telling me that it will only
accept NTLM, Kerberos or Negotiate to authenticate, so from Unix the
only option I can see is Kerberos, I downloaded the krb5-1.4.4 source,
built everything,  but I cannot get anyplace with the samples. I'm
guessing that I somehow need to encrypt my user & password and pass that
to the proxy, but I'm not getting anyplace, It has to work somehow
because I downloaded the mozilla source, built it and it works great,
prompts me for my user id and password for the proxy and then no problem
getting to the internet.


Is there a better way to do this? 


I used the Microsoft WININET tools and it's a snap, just a few lines of
code a I'm through, but of course that won't help in Unix.






Bob Nash

Sr. Technical Specialist, Operations Automation

Fedex National LTL - IT/HDQ

robert.nash at

863 688-6662 X5282


This e-mail, including any attachments, is intended for the receipt and use by the intended addressee(s) only and may contain privileged, confidential, work-product and/or trade secret information of a proprietary nature.  If you are not an intended recipient of this e-mail, you are hereby notified that any unauthorized use, distribution or re-transmission of this e-mail or any attachment(s) is strictly prohibited and that all rights of the sender and/or intended recipients are hereby reserved without prejudice thereto.

More information about the Kerberos mailing list