On Jun 6, 2008, at 2:55 PM, Henrik Nordstrom wrote:
> On fre, 2008-06-06 at 14:33 -0700, Alex Morken wrote:
>
>> I have done a bit more testing and shut off my ldap authentication
>> and it seems that it still trying to use the basic auth. I have shut
>> squid completely down and restarted each time I change auth methods
>> per the documentation. How can I verify that it is indeed hitting
>> squid_kerb_auth?
>
> Use squidclient and look at the response headers sent by Squid.
>
> What is your auth_param settings?
auth_param negotiate program /usr/local/squid/libexec/squid_kerb_auth -d
auth_param negotiate children 10auth_param negotiate keep_alive on
auth_param basic program /usr/local/squid/libexec/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
>> I have my debugging level set to 9 and have tried to
>> squid -k debug to see what I can get but I can't find where it is
>> trying to pass anything to squid_kerb_auth.
>
> It will only talk to squid_kerb_auth when there is a client trying to
> perform a kerberos handshake. Before that it's complete silence on the
> helper side..
When I comment out the auth_param basic part of the file and restart
squid I get authentication denied and it doesn't look like it is
passing anything to kerberos. I do have acl's in place that require
auth and it works correctly when just using pam_auth. Am I missing
something for getting it to hit kerberos either on the ACL side of
things or on the auth_param side?
Thanks
Alex Morken
Received on Fri Jun 06 2008 - 22:34:06 MDT
This archive was generated by hypermail 2.2.0 : Sat Jun 07 2008 - 12:00:03 MDT