Squid-kerberos: Unterschied zwischen den Versionen

Aus xinux.net
Zur Navigation springen Zur Suche springen
Zeile 15: Zeile 15:
 
=restart=
 
=restart=
 
  service squid3 start
 
  service squid3 start
 +
=client Machine=
 +
Set your proxy to server dewey.xinux.org using port 3128. It is important that you use the fully qualified domain name and NOT the IP address.
 +
 
=debugging=
 
=debugging=
  

Version vom 17. Juli 2014, 13:49 Uhr

create computeraccount and a local keytab

kinit administrator
msktutil -c -b "CN=Computers" -s HTTP/dewey.xinux.org -k /etc/squid3/PROXY.keytab --computer-name PROXYSRV-HTTP --upn HTTP/dewey.xinux.org --server gondor.xinux.org --verbose
chown proxy.proxy /etc/squid3/PROXY.keytab

/etc/default/squid3

KRB5_KTNAME=/etc/squid3/PROXY.keytab
export KRB5_KTNAME

on the top of /etc/squid3/squid.conf add

auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl auth proxy_auth REQUIRED
http_access allow all auth

restart

service squid3 start

client Machine

Set your proxy to server dewey.xinux.org using port 3128. It is important that you use the fully qualified domain name and NOT the IP address.

debugging

sources