[squid-users] Squid, Kerberos and FireFox (Was: Re: leaking memory in squid 3.4.8 and 3.4.7.)

Eugene M. Zheganin eugene at zhegan.in
Mon Oct 20 18:11:28 UTC 2014


Hi.

On 20.10.2014 22:29, Victor Sudakov wrote:
> That's what we did.
>
> 1. Created an AD user called squiduser.
>
> 2. Extracted its keytab with something like
>
> ktpass -princ HTTP/proxy.sibptus.transneft.ru at SIBPTUS.TRANSNEFT.RU -mapuser squiduser +rndPass  -out squid.keytab -ptype KRB5_NT_PRINCIPAL /target dc01-sibptus -kvno 1 -crypto All
>
> 3. Checked the mapping with "setspn -Q HTTP/*" (positive) and checked
> for duplicate SPNs with "setspn -X" (negative).
>
> 4. Transferred squid.keytab to the proxy host.
>
> Does it agree with your understanding of the right way?
>
Yup.

Eugene.


More information about the squid-users mailing list