Hi Markus,
The answers are:
1) Yes
2) The keytab contains the hostname of the squid server. So you would
need multiple keytabs
3) The principal name will be based on a fixed part HTTP and the name you
use in the Browser configuration. If you use in IE squid1.domain.com then
you must have a principal HTTP/squid1.domain.com
4) You must use the same if apache runs on the same server as squid as
both require HTTP/<hostname>
Regards
Markus
"Rietzler, Markus (RZF, SG 324 / <RIETZLER_SOFTWARE>)"
<markus.rietzler@xxxxxxxxx> wrote in message
news:1FCF9DA5B29068478ECF15896F19F0844B8BE65A@xxxxxxxxxxxxxx.local...
i am planing to setup kerberos auth in squid. At the moment we are using
ntlm auth but want also to provide Kerberos/negotiate auth.
A few questions:
1) Do we need a keytab file?
2) We have multiple squid-servers, do I need an individual keytab-file for
each server or would it be enough to have one keytab file and then copy this
to the servers. In each of our subsidiary there is working one single squid.
so the users would see and use only this squid proxy.
3) I have to setup the principal as HTTP/squid.local (squid is here only a
name, not a hostname or such), right or do I need the host
HTTP/squid.host.local
4) Can I use the same keytab for apache and squid-auth?
thanxs
mfg
Markus Rietzler
<rietzler_software/>
Rechenzentrum der Finanzverwaltung
Tel: 0211/4572-2130
mfg
Markus Rietzler
<rietzler_software/>
Rechenzentrum der Finanzverwaltung
Tel: 0211/4572-2130