Hi Markus, Thanks for the info. If squid can use MIT kerberos, then hopefully I should be ok to get it working with Mac OS X Server (and OpenDirectory), based off http://developer.apple.com/opensource/kerberosintro.html On the Novell front, it's harder to find info on it's kerberos integration, but it looks like it's available. I guess I'll just have to experiment, and see how I go. Thanks heaps for the help. Matt On 17/05/2010, at 3:30 PM, Markus Moeller wrote: > Hi Matthew, > > I think you are a bit confused. AD offers a Kerberos and ldap service. OpenDirecttory or eDirectory is just ldap and has nothing to do with Kerberos (as far as I know). You can use AD, MIT Kerberos, Heimdal Kerberos or any other Implementation (e.g. Solaris based) for authentication with squid. > > Regards > Markus > > "Matthew Smith" <mps@xxxxxxxxxxx> wrote in message news:AB612D11-33B4-442C-8779-3EA2EF75AABA@xxxxxxxxxxxxxx > Hi Amos, > > Thanks for the reply, you have left me very confused, though. We are talking about MIT's kerberos, right? > > http://en.wikipedia.org/wiki/Kerberos_(protocol) > > My understanding is that kerberos is a protocol for authentication, and other directory services (like Mac OS X's OpenDirectory) support it as well as AD. > > Thanks for the link to the wiki, I had a quick look through, and I'll see if I can get it going with AD as a test. Does anyone know if any other directory services that implement Kerberos are supported? I'd like to see if I can get it to work with OpenDirectory or maybe Novell eDirectory. > > Thanks for the help! > > Matt Smith > > On 17/05/2010, at 1:57 PM, Amos Jeffries wrote: > >> On Mon, 17 May 2010 11:15:06 +1000, Matthew Smith <mps@xxxxxxxxxxx> wrote: >>> Hi! >>> >>> I have been trying to find out some info on kerberos auth and squid, but >>> most of my searching points to setting up kerberos for single signon >> with >>> windows AD. Are other directory services supported? If so, which? Also >> does >>> anyone know of some good beginner style resources for setting up kerb >> auth >>> with squid? >> >> That would be because the protocol is a proprietary one by Microsoft. >> Non-microsoft software would tend to lean towards other free alternatives. >> >> Have you seen the wiki Kerberos pages? >> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos >> >> Amos > > >
