Squid-kerberos: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Zeile 17: | Zeile 17: | ||
=debugging= | =debugging= | ||
+ | *http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-kerb-auth-received-type-1-NTLM-token-td2131613.html | ||
=sources= | =sources= | ||
*http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html | *http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html |
Version vom 17. Juli 2014, 13:19 Uhr
create computeraccount and a local keytab
kinit administrator msktutil -c -b "CN=Computers" -s HTTP/dewey.xinux.org -k /etc/squid3/PROXY.keytab --computer-name PROXYSRV-HTTP --upn HTTP/dewey.xinux.org --server gondor.xinux.org --verbose chown proxy.proxy /etc/squid3/PROXY.keytab
/etc/default/squid3
KRB5_KTNAME=/etc/squid3/PROXY.keytab export KRB5_KTNAME
on the top of /etc/squid3/squid.conf add
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME auth_param negotiate children 10 auth_param negotiate keep_alive on acl auth proxy_auth REQUIRED http_access allow all auth
restart
service squid3 start
debugging
sources
- http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html
- http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
- http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise
- http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html