[squid-users] squid auth
Alex Samad
alex at samad.com.au
Tue Dec 8 06:44:43 UTC 2015
Hi
Currently using 3.1 (from CentOS 6).
I have set up squid to auth against MS AD.
I have:
# #######
# Negotiate
# #######
# http://wiki.squid-cache.org/Features/Authentication
# http://wiki.squid-cache.org/Features/NegotiateAuthentication
auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego --configfile /etc/samba/smb.conf-squid
auth_param negotiate children 10 startup=0 idle=3
auth_param negotiate keep_alive on
# #######
# NTLM AUTH
# #######
# ntlm auth
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --configfile /etc/samba/smb.conf-squid
auth_param ntlm children 10
#auth_param ntlm children 10 startup=0 idle=3
#auth_param ntlm keep_alive
# #######
# NTLM over basic
# #######
# warning: basic authentication sends passwords plaintext
# a network sniffer can and will discover passwords
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --configfile /etc/samba/smb.conf-squid
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
I want to move towards using Kerberos and came to this page:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
I worked through that, but I saw this:
Do not use this method if you run winbindd or other samba services as
samba will reset the machine password every x days and thereby makes
the keytab invalid !!
I have winbindd running for my users list in Linux.
Is there a way around this, and if not, how
Then I found this one:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
but I am not using msktutil; I do have samba and the krb-workstation installed.
Now I'm a bit lost..