[squid-users] squid_kerb_ldap with specific SPN

From: Mark deJong <dejongm_at_gmail.com>
Date: Thu, 12 Aug 2010 18:01:47 -0400

Hello,
I'm having some issues with squid_kerb_ldap in its handling of SPNs in
the specified keytab file. I'm hoping I'm just missing something.

I have a Windows Forest with multiple child domains, all trusting each
other. I'd like to have one SPN authorize users for all of the child
domains and not have to set up a user account in each domain tied with
a dedicated SPN for that domain. From previous posts that seems to be
the only solution when squid_kerberos_ldap looks for the user's realm
and matches that realm with one in the keytab file.

Is there not an argument like squid_kerb_auth has ("-s <SPN>")
where I can specify exactly which SPN to use to bind to LDAP? Is there
another way? I read about setting [capaths] in krb5.conf but that
doesn't seem to help much.

Any help is much appreciated!!!

Sincerely,
M deJong
Received on Thu Aug 12 2010 - 22:01:53 MDT
