Regd. Kerberos not authentication in IE

Nigel Benns nigelbenns at rogers.com
Tue Oct 6 10:08:46 EDT 2009


IE is not set up 100% I think.  You need to do more then check "Use windows integrated authentication"

See this article under section "Configuring Microsoft Clients for Kerberos Authentication":

http://download.oracle.com/docs/cd/E12839_01/web.1111/e13707/sso.htm#i1101998

--- On Tue, 10/6/09, anandhi jay <anu.persist at gmail.com> wrote:

From: anandhi jay <anu.persist at gmail.com>
Subject: Regd. Kerberos not authentication in IE
To: kerberos at mit.edu
Received: Tuesday, October 6, 2009, 8:27 AM

Hi,

     I have installed the kerberos5 in linux and configured squid for that.
     From IE6 i configured the squid proxy ipaddress and port. It asked for
the username and password.
     I have given the kerberos principal as username and password for that.
     But I am getting 407 authentication required response only. Herewith i
have given the packets also , I think it is trying for NTLM, but  i want
kerberos. I have enabled the
     Enable Internet windows Authentication in the Internet options. Kindly
help me to work on the kerberos authentication using squid.



GET http://www.whatismyip.com/ HTTP/1.0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword,
application/x-ms-application, application/x-ms-xbap,
application/vnd.ms-xpsdocument, application/xaml+xml,
application/x-silverlight, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
.NET CLR 2.0.50727; FDM; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
InfoPath.1)
Proxy-Connection: Keep-Alive
Cookie: __utma=18138879.169229710.1251445998.1251445998.1251445998.1;
__utmz=18138879.1251445999.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Proxy-Authorization: Negotiate
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
Host: www.whatismyip.com


HTTP/1.0 407 Proxy Authentication Required
Server: squid/2.6.STABLE22
Date: Tue, 06 Oct 2009 11:24:09 GMT
Content-Type: text/html
Content-Length: 1311
Expires: Tue, 06 Oct 2009 11:24:09 GMT
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Negotiate received
X-Cache: MISS from EXAMPLE.COM
Via: 1.0 EXAMPLE.COM:3129 (squid/2.6.STABLE22)
Proxy-Connection: close

GET http://www.whatismyip.com/ HTTP/1.0
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword,
application/x-ms-application, application/x-ms-xbap,
application/vnd.ms-xpsdocument, application/xaml+xml,
application/x-silverlight, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
.NET CLR 2.0.50727; FDM; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729;
InfoPath.1)
Proxy-Connection: Keep-Alive
Cookie: __utma=18138879.169229710.1251445998.1251445998.1251445998.1;
__utmz=18138879.1251445999.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Host: www.whatismyip.com
Proxy-Authorization: Negotiate
TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
NTLMSSP

HTTP/1.0 407 Proxy Authentication Required
Server: squid/2.6.STABLE22
Date: Tue, 06 Oct 2009 11:24:10 GMT
Content-Type: text/html
Content-Length: 1311
Expires: Tue, 06 Oct 2009 11:24:10 GMT
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Negotiate received
X-Cache: MISS from EXAMPLE.COM
Via: 1.0 EXAMPLE.COM:3129 (squid/2.6.STABLE22)
Proxy-Connection: close




Regards,
anu.
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos



More information about the Kerberos mailing list