In more detail the required steps for squid_kerb_auth (from
https://sourceforge.net/project/showfiles.php?group_id=196348 or from latest
squid distribution) are:
1) Install kerberos client package
2) Install msktutil package from
http://dag.wieers.com/rpm/packages/msktutil/
3) Configure krb5.conf
4) Configure squid by adding
auth_param negotiate program /usr/sbin/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
5) Create keytab for HTTP/fqdn with msktutil.
a) kinit administrator_at_DOMAIN
b) msktutil -c -b "CN=COMPUTERS" -s HTTP/<fqdn> -h <fqdn> -k
/etc/squid/HTTP.keytab --computer-name squid-HTTP --upn HTTP/<fqdn> --server
<domain controller> --verbose
6) Add the following to thw squid startup script
KRB5_KTNAME=/etc/squid/HTTP.keytab
export KRB5_KTNAME
7) Done
Markus
Received on Sat Mar 21 2009 - 15:35:48 MDT
This archive was generated by hypermail 2.2.0 : Sun Mar 22 2009 - 12:00:02 MDT