[squid-users] 2 kerberos realms

From: L.S. Keijser <leon_at_linux.nl>
Date: Fri, 16 Oct 2009 07:21:21 +0200

Hi,

For a customer we have set up a Red Hat Directory Server (RHDS) that
will hand out Kerberos tickets which the user then uses to authenticate
himself with squid. All works great, the users can go to internet sites
without having to enter a username/password.

But there's a second Kerberos realm (Windows, Active Directory) for
which the ticket obviously doesn't work (yet .. we're working on that).

We have configured a PAC so squid won't be used for intranet sites.
Instead the Microsoft ISA server is used. Only every time the user
browses the intranet, he's being prompted for a username/password by the
ISA server.

Now we already keep both usernames/passwords in sync between the RHDS
and the AD. The only problem is that Microsoft ISA server requires a
username in the form 'DOMAIN\username'.

Now my question(s): is it possible to configure squid in such a way that
it'll forward the username/password to the ISA server? If not, is it
possible to have squid already fill in the username field and have it
prefix it like 'DOMAIN\username'? Or is there a much better way to
accomplish this? Obviously the best way would be to not have the user
be prompted for his credentials at all when browsing the intranet.

Thanks in advance,

Léon
Received on Fri Oct 16 2009 - 05:21:39 MDT
