Squid-kerberos: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Zeile 23: | Zeile 23: | ||
*http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise | *http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise | ||
*http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html | *http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html | ||
+ | *http://serverfault.com/questions/66556/getting-squid-to-authenticate-with-kerberos-and-windows-2008-2003-7-xp |
Version vom 17. Juli 2014, 13:35 Uhr
create computeraccount and a local keytab
kinit administrator msktutil -c -b "CN=Computers" -s HTTP/dewey.xinux.org -k /etc/squid3/PROXY.keytab --computer-name PROXYSRV-HTTP --upn HTTP/dewey.xinux.org --server gondor.xinux.org --verbose chown proxy.proxy /etc/squid3/PROXY.keytab
/etc/default/squid3
KRB5_KTNAME=/etc/squid3/PROXY.keytab export KRB5_KTNAME
on the top of /etc/squid3/squid.conf add
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME auth_param negotiate children 10 auth_param negotiate keep_alive on acl auth proxy_auth REQUIRED http_access allow all auth
restart
service squid3 start
debugging
sources
- http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html
- http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
- http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise
- http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html
- http://serverfault.com/questions/66556/getting-squid-to-authenticate-with-kerberos-and-windows-2008-2003-7-xp