Search squid archive

Re: squid kerberos auth for multiple proxy servers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Markus,

 The answers are:
 1) Yes
2) The keytab contains the hostname of the squid server. So you would need multiple keytabs 3) The principal name will be based on a fixed part HTTP and the name you use in the Browser configuration. If you use in IE squid1.domain.com then you must have a principal HTTP/squid1.domain.com 4) You must use the same if apache runs on the same server as squid as both require HTTP/<hostname>

Regards
Markus


"Rietzler, Markus (RZF, SG 324 / <RIETZLER_SOFTWARE>)" <markus.rietzler@xxxxxxxxx> wrote in message news:1FCF9DA5B29068478ECF15896F19F0844B8BE65A@xxxxxxxxxxxxxx.local... i am planing to setup kerberos auth in squid. At the moment we are using ntlm auth but want also to provide Kerberos/negotiate auth.

A few questions:

1) Do we need a keytab file?
2) We have multiple squid-servers, do I need an individual keytab-file for each server or would it be enough to have one keytab file and then copy this to the servers. In each of our subsidiary there is working one single squid. so the users would see and use only this squid proxy. 3) I have to setup the principal as HTTP/squid.local (squid is here only a name, not a hostname or such), right or do I need the host HTTP/squid.host.local
4) Can I use the same keytab for apache and squid-auth?

thanxs

mfg

Markus Rietzler
<rietzler_software/>
Rechenzentrum der Finanzverwaltung

Tel: 0211/4572-2130



mfg

Markus Rietzler
<rietzler_software/>
Rechenzentrum der Finanzverwaltung

Tel: 0211/4572-2130





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux