On Jun 6, 2008, at 2:55 PM, Henrik Nordstrom wrote:
On fre, 2008-06-06 at 14:33 -0700, Alex Morken wrote:
I have done a bit more testing and shut off my ldap authentication
and it seems that it still trying to use the basic auth. I have shut
squid completely down and restarted each time I change auth methods
per the documentation. How can I verify that it is indeed hitting
squid_kerb_auth?
Use squidclient and look at the response headers sent by Squid.
What is your auth_param settings?
auth_param negotiate program /usr/local/squid/libexec/squid_kerb_auth -d
auth_param negotiate children 10auth_param negotiate keep_alive on
auth_param basic program /usr/local/squid/libexec/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
I have my debugging level set to 9 and have tried to
squid -k debug to see what I can get but I can't find where it is
trying to pass anything to squid_kerb_auth.
It will only talk to squid_kerb_auth when there is a client trying to
perform a kerberos handshake. Before that it's complete silence on the
helper side..
When I comment out the auth_param basic part of the file and restart
squid I get authentication denied and it doesn't look like it is
passing anything to kerberos. I do have acl's in place that require
auth and it works correctly when just using pam_auth. Am I missing
something for getting it to hit kerberos either on the ACL side of
things or on the auth_param side?
Thanks
Alex Morken
