Markus Moeller wrote:
> In more detail the required steps for squid_kerb_auth (from
> https://sourceforge.net/project/showfiles.php?group_id=196348 or from
> latest
> squid distribution) are:
>
> 1) Install kerberos client package
> 2) Install msktutil package from
> http://dag.wieers.com/rpm/packages/msktutil/
> 3) Configure krb5.conf
> 4) Configure squid by adding
> auth_param negotiate program /usr/sbin/squid_kerb_auth
> auth_param negotiate children 10
> auth_param negotiate keep_alive on
> 5) Create keytab for HTTP/fqdn with msktutil.
> a) kinit administrator_at_DOMAIN
> b) msktutil -c -b "CN=COMPUTERS" -s HTTP/<fqdn> -h <fqdn> -k
> /etc/squid/HTTP.keytab --computer-name squid-HTTP --upn HTTP/<fqdn>
> --server
> <domain controller> --verbose
>
> 6) Add the following to thw squid startup script
> KRB5_KTNAME=/etc/squid/HTTP.keytab
> export KRB5_KTNAME
>
> 7) Done
>
> Markus
>
>
Thank you. I was going to ask you for this soon.
Added to the wiki:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
Is there anything we can/should add to the krb5.conf section?
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6Received on Sun Mar 22 2009 - 00:28:06 MDT
This archive was generated by hypermail 2.2.0 : Sun Mar 22 2009 - 12:00:02 MDT