rofl0r/proxychains-ng

Feature request: SPNEGO Authentication

greskom opened this issue · 5 comments

Hello,

would it be possible to add SPNEGO Authentication to proxychains-ng? We are behind proxy requesting SPNEGO authentication using kerberos.

Thanks

Marek

this mechanism appears to be very complex. if someone is interested in implementing this, m$ provides some example code and test data here: https://learn.microsoft.com/en-us/previous-versions/ms995331(v=msdn.10)

Maybe as a first step kerberos only support would be sufficient. The kerberos probably is not so complex as NTLM is. We have squid with kerberos auth here, so no need for NTLM.

The curl implements SPNEGO when using --negotiate parameter. Maybe this could be used as an inspiration?

it's hard to develop stuff for systems you don't have access to. if you can describe how to setup a test environment, it's more likely someone interested shows up and implements your feature. personally, i've never come across a socks server implementation with GSSAPI support, probably because it's so complex despite having "simple" in the name.

You can setup kerberos using this guide: https://fedoraproject.org/wiki/Infrastructure/Kerberos
Then make squid to authenticate against kerberos: https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos