Squid-kerberos
Version vom 17. Juli 2014, 13:02 Uhr von 192.168.244.1 (Diskussion)
create computeraccount and a local keytab
kinit administrator msktutil -c -b "CN=Computers" -s HTTP/dewey.xinux.org -k /etc/squid3/PROXY.keytab --computer-name PROXYSRV-HTTP --upn HTTP/dewey.xinux.org --server gondor.xinux.org --verbose
=/etc/default/squid3
KRB5_KTNAME=/etc/squid3/PROXY.keytab export KRB5_KTNAME
on the top of /etc/squid3/squid.conf add
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d -i -s GSS_C_NO_NAME auth_param negotiate children 10 auth_param negotiate keep_alive on acl auth proxy_auth REQUIRED http_access allow all auth
sources
- http://roshan-g.blogspot.de/2014/05/squid-with-kerberos-and-ldap.html
- http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
- http://stackoverflow.com/questions/18075028/squid-integration-with-active-directory-best-practise
- http://manpages.ubuntu.com/manpages/trusty/man8/negotiate_kerberos_auth.8.html