[squid-users] Re: Kerberos set-up is problematic from Robert Schenck on 2009-12-11 (squid-users)

From: Robert Schenck <robschenck416_at_gmail.com>
Date: Fri, 11 Dec 2009 12:54:09 +0100

Nevermind, problem solved. I didn't have rights to the keytab file...

On Fri, Dec 11, 2009 at 10:27 AM, Robert Schenck
<robschenck416_at_gmail.com> wrote:
> Update:
>
> First a correction, it should've been "I know this information seems
> rather limited"instead of "I know this information see".
>
> I recompiled Squid with just Kerberos and still received the same error.
>
> On Fri, Dec 11, 2009 at 9:58 AM, Robert Schenck <robschenck416_at_gmail.com> wrote:
>> Hello,
>>
>> First: I'm an intern and know little of pretty much everything. Try to
>> explain the best you can, please!
>>
>> I'm trying to set up Kerberos on a Squid proxy server (the server is
>> to allow access to ip-based content away from the intranet, so it will
>> be something like so: client --> internet --> VPN --> access to
>> intranet --> proxy server --> ip-based content).
>>
>> Unfortunately, every time I connect to the proxy to connect to random
>> webpage, I receive the error "Cache Access Denied". According to the
>> guy who manages the Kerberos stuff around here, the machine is
>> authenticated with Keberos and has a ticket...so apparently it's
>> something to do with Squid (but don't necessarily rule out
>> Keberos...he may be wrong)?
>>
>> I set-up Squid using Kerberos (note that prior to the Kerberos
>> installation, Squid worked fine)doing exactly what was stated in this
>> guide: http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authorization-in-active-directory/.
>> The "Kerberos guy" did the Windows step for me...so there shouldn't be
>> any problems there.
>>
>> As it says in the guide, I did compile Squid with basic
>> authentication....but I didn't set it up whatsoever and haven't
>> changed any settings relating to it...could this be the culprit,
>> perhaps? This actually seems somewhat likely to me because the error
>> occurs when I run squid with the start-up script (that includes the
>> line: export KRB5_KTNAME=/etc/squid/squid.domain.keytab) and when I
>> start squid using the sbin file...(so it shouldn't even be loading the
>> keytab file here).
>>
>> I know this information see
>>
>
Received on Fri Dec 11 2009 - 11:54:39 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 11 2009 - 12:00:02 MST