Squid-kerberos: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Zeile 1: | Zeile 1: | ||
+ | =create computeraccount and a local keytab= | ||
+ | kinit administrator | ||
+ | msktutil -c -b "CN=Computers" -s HTTP/dewey.xinux.org -k /etc/squid3/PROXY.keytab --computer-name PROXYSRV-HTTP --upn HTTP/dewey.xinux.org --server gondor.xinux.org --verbose | ||
+ | =/etc/default/squid3 | ||
+ | KRB5_KTNAME=/etc/squid3/PROXY.keytab | ||
+ | export KRB5_KTNAME | ||
+ | =on the top of /etc/squid3/squid.conf add = | ||
+ | auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME | ||
+ | auth_param negotiate children 10 | ||
+ | auth_param negotiate keep_alive on | ||
+ | acl auth proxy_auth REQUIRED | ||
+ | http_access allow all auth | ||
+ | |||
+ | |||
+ | =sources= | ||
*http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html | *http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html | ||
*http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory | *http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory | ||
*http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise | *http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise | ||
*http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html | *http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html |
Version vom 17. Juli 2014, 13:02 Uhr
create computeraccount and a local keytab
kinit administrator msktutil -c -b "CN=Computers" -s HTTP/dewey.xinux.org -k /etc/squid3/PROXY.keytab --computer-name PROXYSRV-HTTP --upn HTTP/dewey.xinux.org --server gondor.xinux.org --verbose
=/etc/default/squid3
KRB5_KTNAME=/etc/squid3/PROXY.keytab export KRB5_KTNAME
on the top of /etc/squid3/squid.conf add
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME auth_param negotiate children 10 auth_param negotiate keep_alive on acl auth proxy_auth REQUIRED http_access allow all auth
sources
- http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html
- http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
- http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise
- http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html