Squid-kerberos: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Zeile 11: | Zeile 11: | ||
acl auth proxy_auth REQUIRED | acl auth proxy_auth REQUIRED | ||
http_access allow all auth | http_access allow all auth | ||
+ | =restart= | ||
+ | service squid3 start | ||
+ | |||
Version vom 17. Juli 2014, 13:03 Uhr
create computeraccount and a local keytab
kinit administrator msktutil -c -b "CN=Computers" -s HTTP/dewey.xinux.org -k /etc/squid3/PROXY.keytab --computer-name PROXYSRV-HTTP --upn HTTP/dewey.xinux.org --server gondor.xinux.org --verbose
/etc/default/squid3
KRB5_KTNAME=/etc/squid3/PROXY.keytab export KRB5_KTNAME
on the top of /etc/squid3/squid.conf add
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME auth_param negotiate children 10 auth_param negotiate keep_alive on acl auth proxy_auth REQUIRED http_access allow all auth
restart
service squid3 start
sources
- http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html
- http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
- http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise
- http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html