proxy authentication

Robert Nash Robert.Nash at
Tue Oct 10 07:15:50 EDT 2006

Hi All,


This did not seem to post yesterday so I thought I would try it


Like most companies we have a proxy that we use to get to the outside
world, what I want to do is get through that proxy from my UNIX server
(we use AIX) to an HTTP web service.


Here is what I'm doing at the moment (and how Kerberos fits into this),
I have a C++ program, 

1) I open a socket to the proxy@ port 80, 

2) Once connected I send the http command, "CONNECT HTTP/1.0\n\n"


3) The proxy responds with:

HTTP/1.1 407 Proxy Authentication Required (The ISA Server requires
authorization to fulfill the request. Access to the Web Proxy service is
denied. )

Via:1.1 WISA1

Proxy-Authenticate: NTLM

Proxy-Authenticate: Kerberos

Proxy-Authenticate: Negotiate


*** from what I understand the proxy is telling me that it will only
accept NTLM, Kerberos or Negotiate to authenticate, so from Unix the
only option I can see is Kerberos, I downloaded the krb5-1.4.4 source,
built everything,  but I cannot get any where with the samples. I'm
guessing that I somehow need to encrypt my user & password and pass that
to the proxy, It has to work somehow because I downloaded the mozilla
source, built it and it works great, prompts me for my user id and
password for the proxy and then no problem getting to the internet.


Is there a better way to do this? 


I used the Microsoft WININET tools and it's a snap, just a few lines of
code a I'm through, but of course that won't help in Unix.





This e-mail, including any attachments, is intended for the receipt and use by the intended addressee(s) only and may contain privileged, confidential, work-product and/or trade secret information of a proprietary nature.  If you are not an intended recipient of this e-mail, you are hereby notified that any unauthorized use, distribution or re-transmission of this e-mail or any attachment(s) is strictly prohibited and that all rights of the sender and/or intended recipients are hereby reserved without prejudice thereto.

More information about the Kerberos mailing list