[squid-users] Re: squid with kerberos authentication

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Tue, 19 Jul 2011 22:14:54 +0100

What does the cache.log file say if you add -d to

auth_param negotiate program /usr/lib/squid/squid_kerb_auth

auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d

How did you configure IE ?

Can you see a ticket for HTTP/<squid-fqdn> in kerbtray


"Franco, Battista" <Battista.Franco_at_saint-gobain.com> wrote in message

On Centos 6 I want used squid (version 3.1.4) with Kerberos
authentication so only AD Windows 2003 authenticated users can surfing.
Well I perform the steps (explained at link

but when users tried to surfing the IE require user and password and
didn't surfing.
Can you help me.

**** MORE INFO ****

I did the following steps:

Install and configure samba
modify krb5.conf
net ads join -U DOMAIN\administrator
kinit administrator_at_DOMAIN
export KRB5_KTNAME=FILE:/etc/squid/HTTP.keytab
net ads keytab CREATE -U DOMAIN\administrator
net ads keytab ADD HTTP -U DOMAIN\administrator
chgrp squid /etc/squid/HTTP.keytab
chmod g+r /etc/squid/HTTP.keytab
modify squid startup file with :
    export KRB5_KTNAME

below squid.conf file:

auth_param negotiate program /usr/lib/squid/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl auth proxy_auth REQUIRED
http_access deny !auth
http_access allow auth
http_access deny all

With command :
/usr/lib/squid/squid_kerb_auth_test proxyserver
The token was displayed.
Received on Tue Jul 19 2011 - 21:15:53 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 20 2011 - 12:00:03 MDT