Squid-kerberos: Difference between revisions
Zeile 15: | Zeile 15: | ||
=restart= | =restart= | ||
service squid3 start | service squid3 start | ||
+ | =client Machine= | ||
+ | Set your proxy to server dewey.xinux.org using port 3128. It is important that you use the fully qualified domain name and NOT the IP address. | ||
+ | |||
=debugging= | =debugging= | ||
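Review bot: the added client Machine paragraph says the proxy must be entered as the fully qualified domain name and NOT the IP address, but gives no reason, so a reader is likely to treat it as a preference. Suggest adding one sentence that the name the client uses has to correspond to the HTTP/dewey.xinux.org principal written to /etc/squid3/PROXY.keytab in the keytab step, and that the port 3128 given here is not set anywhere in the squid.conf lines shown, so it would help to state that it is the default.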
Revision as of 17 July 2014, 13:49
=create computer account and a local keytab=
 kinit administrator
 msktutil -c -b "CN=Computers" -s HTTP/dewey.xinux.org -k /etc/squid3/PROXY.keytab --computer-name PROXYSRV-HTTP --upn HTTP/dewey.xinux.org --server gondor.xinux.org --verbose
 chown proxy:proxy /etc/squid3/PROXY.keytab
=/etc/default/squid3=
 KRB5_KTNAME=/etc/squid3/PROXY.keytab
 export KRB5_KTNAME
=at the top of /etc/squid3/squid.conf add=
 auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME
 auth_param negotiate children 10
 auth_param negotiate keep_alive on
 acl auth proxy_auth REQUIRED
 http_access allow all auth
=restart=
 service squid3 start
=client Machine=
Set your proxy to server dewey.xinux.org using port 3128. It is important that you use the fully qualified domain name and NOT the IP address.
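A consistency check over the three pieces configured above (squid.conf rules, keytab principal, client proxy setting), as an added example that is not part of the original wiki page. The function names, the sample file contents and the realm `EXAMPLE.REALM` are assumptions made for illustration; the principal list is passed in the form `klist -k` prints it.

```python
import ipaddress

# Constructed sample: this page's directives, then a stock rule that may follow.
SAMPLE_CONF = """\
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl auth proxy_auth REQUIRED
http_access allow all auth
http_access deny all
"""

def client_spn(proxy_host):
    """Service principal a client asks a ticket for, or None for an IP literal.
    Simplified: ignores DNS canonicalisation done by some clients."""
    try:
        ipaddress.ip_address(proxy_host)
        return None  # no host name, so no HTTP/<fqdn> principal to request
    except ValueError:
        return "HTTP/" + proxy_host

def lint(conf, keytab_principals, proxy_host):
    """Return a list of findings; empty means the three pieces line up."""
    findings = []
    rules = [l.split() for l in conf.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    if not any(r[:3] == ["auth_param", "negotiate", "program"] for r in rules):
        findings.append("no negotiate helper configured")
    auth_acls = {r[1] for r in rules if r[0] == "acl" and r[2:3] == ["proxy_auth"]}
    # Squid uses the first matching http_access rule, so an allow that lacks
    # the proxy_auth ACL and sits above the auth rule is never challenged.
    for r in (r for r in rules if r[0] == "http_access" and r[1:2] == ["allow"]):
        if auth_acls & set(r[2:]):
            break
        findings.append("allow without authentication: " + " ".join(r))
    else:
        findings.append("no http_access allow rule requires proxy_auth")
    spn = client_spn(proxy_host)
    if spn is None:
        findings.append("client proxy is an IP address, not the FQDN in the keytab")
    elif spn not in {p.split("@")[0] for p in keytab_principals}:
        findings.append("keytab has no entry for " + spn)
    return findings

if __name__ == "__main__":
    # Constructed inputs; 192.0.2.10 is a documentation address.
    for f in lint(SAMPLE_CONF, ["HTTP/dewey.xinux.org@EXAMPLE.REALM"], "192.0.2.10"):
        print(f)
```
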
=debugging=
=sources=
- http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html
- http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
- http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise
- http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html
- http://serverfault.com/questions/66556/getting-squid-to-authenticate-with-kerberos-and-windows-2008-2003-7-xp