On 22/9/2011 8:47 AM, Nikolaos Milas wrote:
Many thanks Markus,
I also discovered, after each authentication attempt from the browser, in squid cache.log the following errors:
A question that might shed some light: Do I have to create a Kerberos host and service for every final client, and then transfer a keytab to the respective client?
Until now, I have the impression that this is not needed (and I have not done it). I believe that *the user* who is authenticating to squid (using a browser) must have a record in Kerberos server (and not his machine).
So, on the client side we (should) need nothing but a Kerberos-capable browser. On the squid side we need a keytab for the squid service (HTTP/squid.example.com) which is defined/stored in Kerberos server.
So squid should be able to receive the request from a client (a user, through a browser) to authenticate (to squid) and then pass it to Kerberos server?
How do things work? (I haven't found details in the documentation.)
Thanks,
Nick