proxychains-ng icon indicating copy to clipboard operation
proxychains-ng copied to clipboard

Published 20 hours ago verified publisher icon rofl0r

Feature request: SPNEGO Authentication

Open greskom opened this issue 1 year ago • 5 comments

Hello,

would it be possible to add SPNEGO Authentication to proxychains-ng? We are behind proxy requesting SPNEGO authentication using kerberos.

Thanks

Marek

greskom avatar Feb 24 '24 15:02 greskom

this mechanism appears to be very complex. if someone is interested in implementing this, m$ provides some example code and test data here: https://learn.microsoft.com/en-us/previous-versions/ms995331(v=msdn.10)

rofl0r avatar Feb 24 '24 23:02 rofl0r

Maybe as a first step kerberos only support would be sufficient. The kerberos probably is not so complex as NTLM is. We have squid with kerberos auth here, so no need for NTLM.

greskom avatar Feb 25 '24 11:02 greskom

The curl implements SPNEGO when using --negotiate parameter. Maybe this could be used as an inspiration?

greskom avatar Feb 28 '24 07:02 greskom

it's hard to develop stuff for systems you don't have access to. if you can describe how to setup a test environment, it's more likely someone interested shows up and implements your feature. personally, i've never come across a socks server implementation with GSSAPI support, probably because it's so complex despite having "simple" in the name.

rofl0r avatar Feb 28 '24 13:02 rofl0r

You can setup kerberos using this guide: https://fedoraproject.org/wiki/Infrastructure/Kerberos Then make squid to authenticate against kerberos: https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos

greskom avatar Feb 28 '24 19:02 greskom