Hello
I'm testing Squid with Kerberos authentication; Squid and Kerberos are
configured as follows.
squid.conf
# Squid proxy authentication through the Negotiate scheme, using the
# squid_kerb_auth helper to validate the tokens clients send.
# -d turns on helper debugging. With it the helper writes each received
# token to the log (as the log excerpt in this post shows), so remove -d
# once troubleshooting is finished.
# NOTE(review): this helper validates Kerberos tokens only. A client that
# answers the Negotiate challenge with an NTLMSSP blob is logged as
# "received type 1 NTLM token" and is not authenticated. That commonly
# means the client could not get a service ticket for the proxy; check
# that the browser addresses the proxy by the hostname its HTTP service
# principal was registered for.
# NOTE(review): the helper needs a keytab holding the proxy's
# HTTP/<proxy-fqdn> (placeholder) service key; none is shown here - confirm.
auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -d
# Number of helper processes Squid runs for this scheme.
auth_param negotiate children 10
# Keep the client connection open while the Negotiate challenge is sent.
auth_param negotiate keep_alive on
# Matches any request carrying valid proxy credentials; a request
# without them is challenged.
acl auth proxy_auth REQUIRED
# Authenticated users are allowed, everything else is refused.
# NOTE(review): no port or CONNECT restrictions are visible before this
# allow rule. If this excerpt is the complete rule set, any authenticated
# user can reach any destination port - confirm whether rules were omitted.
http_access allow auth
http_access deny all
krb4.conf
# Kerberos client configuration for the realm VIALACTEA.CORP.
# NOTE(review): the post labels this file "krb4.conf", but the section
# layout ([libdefaults], [realms], [domain_realm]) is that of krb5.conf -
# confirm which file the Kerberos library on the proxy actually reads.
[libdefaults]
# Realm assumed when a principal name is given without one.
default_realm = VIALACTEA.CORP
# Kerberos 4 compatibility paths; presumably ignored by libraries built
# without krb4 support - verify.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
# Compensate for clock offset against the KDC; credential cache format 4.
kdc_timesync = 1
ccache_type = 4
# Tickets are requested forwardable and proxiable by default.
# NOTE(review): forwardable tickets can be delegated to services the
# client is set up to delegate to. Authenticating to a proxy does not by
# itself need delegation - confirm these defaults are intended.
forwardable = true
proxiable = true
# Realm and KDC may be discovered through DNS.
# NOTE(review): these lookups depend on DNS answers being trustworthy;
# the static [realms] and [domain_realm] entries below already cover
# this realm.
dns_lookup_realm = true
dns_lookup_kdc = true
# Kerberos 4 principal-name conversion settings (legacy).
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
# Presumably a Heimdal compatibility switch for ticket flags stored in
# file credential caches - verify against the library in use.
fcc-mit-ticketflags = true
# KDC and admin server for the realm, both given by IP address.
[realms]
VIALACTEA.CORP = {
kdc = 192.168.1.155
admin_server = 192.168.1.155
}
# Maps the domain itself and every host under it to the realm.
[domain_realm]
.vialactea.corp = VIALACTEA.CORP
vialactea.corp = VIALACTEA.CORP
# Settings for the login program; both keys concern Kerberos 4 tickets.
[login]
krb4_convert = true
krb4_get_tickets = false
On the client, I configured the proxy address and set the following
Firefox preferences to the domain name:
network.negotiate-auth.delegation-uris
network.negotiate-auth.trusted-uris
When trying to browse I get the following messages in the logs with
debugging enabled.
2011/05/29 02:42:57| squid_kerb_auth: Got 'YR
TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid
(length: 59).
2011/05/29 02:42:57| squid_kerb_auth: received type 1 NTLM token
Does anyone have any idea what the problem is? I installed Kerbtray on
the workstation and it shows the ticket.
Regards.