Re: [squid-users] Re: squid_ldap_auth with SASL/GSSAPI

From: Павел Бычихин <pavel_at_hte.vl.net.ua>
Date: Sat, 16 Jun 2012 10:43:29 +0300

15.06.2012 20:17, Markus Moeller пишет:
> Hi Amos,
>
> http://squidkerbauth.sourceforge.net/ has only my helper squid_kerb_auth and squid_kerb_ldap which are both availabel in squid 3.2 as
> negotiate_kerberos_auth authentication helper and kerberos_ldap_group as external acl helper.
>
> So not exactly what was asked for I think.
>
> Markus
>

Amos suggested exactly what i need: squid_kerb_ldap.
In my system (FreeBSD 8.2) SQUID 3.2 is unavailable from ports. In addition, SQUID 3.2 is still beta.
For this reason, I did not install SQUID 3.2 and had no idea about kerberos_ldap_group.

>
> "Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message news:4FDA952A.2030201_at_treenet.co.nz...
>> On 14/06/2012 11:25 p.m., Павел Бычихин wrote:
>>> 14.06.2012 13:11, Amos Jeffries пишет:
>>>> On 14/06/2012 7:57 p.m., Павел Бычихин wrote:
>>>>> Hi!
>>>>>
>>>>> Is it possible to use squid_ldap_auth with SASL/GSSAPI (My SQUID ver. is 3.1.19)
>>>>>
>>>>
>>>> * LDAP is a database access protocol
>>>> * SASL is a framework layer.
>>>> * GSSAPI is a Windows function API.
>>>>
>>>> One guess which squid_ldap_auth uses?
>>>>
>>>> You want SASL you try to find the "SASL" auth helper.
>>>>
>>>> You want GSSAPI you try to find the "SSPI" auth helper (only available on Windows native builds).
>>>>
>>>> http://www.squid-cache.org/Doc/man/
>>>>
>>>> (don't be fooled by the "Squid Version" column. That is only where the helper is documented for. Most of them exist in older Squid versions back to
>>>> 2.6 but in an undocumented form which differ slightly from the 3.2 release helper)
>>>>
>>>> Amos
>>>>
>>>
>>> I apologize for the inaccurate question.
>>> I need, that squid_ldap_auth did the authentication using Kerberos while connecting to Active Directory controler.
>>> Is it possible?
>>>
>>
>> Not with that helper, no. squid_ldap_auth takes in Basic authentication tokens.
>>
>> There is a different helper needed to perform Kerberos over LDAP.
>> http://squidkerbauth.sourceforge.net/
>>
>> Amos
>>
>> Amos
>>
>
>
>

-- 
С уважением,
Павел Бычихин
КП "ХТС"
тел. (057) 758-84-12
Received on Sat Jun 16 2012 - 07:43:49 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 16 2012 - 12:00:04 MDT