Re: [squid-users] Re: kerberos annoyances [solved]

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 16 Oct 2013 18:12:47 +1300

On 16/10/2013 4:36 p.m., Eliezer Croitoru wrote:
> On 10/15/2013 02:12 PM, Marko Cupańá wrote:
>> Thank you for your will to help me. It was my mistake, as I recompiled
>> the port in order to get LDAP authentication helpers which I had
>> previously turned off. This of course reinstalled rc script which
>> overwrote line crucial for kerberos to work (export KRB5_KTNAME).
>>
>> I even wrote about this on freebsd-ports list, anticipating problems:
>> http://lists.freebsd.org/pipermail/freebsd-ports/2013-October/086799.html
>>
>>
>> After re-adding the line I am authenticated again.
>>
>> Now I need to figure out other aspects how to simulate other aspects of
>> dansguardian/NTLM (such as more informative error pages) but that will
>> be another thread perhaps.
>>
> Hey,
>
> I am a bit curios about something.
> why NTLM now?
> I am asking since I am not sure since when Kerberos is like the basic
> auth service for MS and many other IT infrastructures..

Since 2006 officially.

Which kind of answers your question. We are still inside the 5-10 year
period where Kerberos is being picked up by Enterprise admin but not yet
having reached the 10+ year period where the slowest refresh cycles take
place. So Kerberos is not quite universally usable on some networks.
  Which for a critical security update is quite disappointing.

Amos
Received on Wed Oct 16 2013 - 05:12:53 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 16 2013 - 12:00:05 MDT