[squid-users] dubt about kerberos authentication in the Squid 3

Marcio Demetrio Bacci marciobacci at gmail.com
Sat Aug 20 21:29:08 UTC 2016


Hi

I have many dubt about kerberos authentication in the Squid 3 (3.4.8) on
Debian 8. I'm using Samba 4 (4.2.1) as DC.

If I to join Squid Server in the Domain (net ads join) I don't need to
execute the command-line msktutil as bellow ?

msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.example.local -k
/etc/squid3/PROXY.keytab \
--computer-name SQUIDPROXY-K --upn HTTP/squidproxy.example.local --server
dc1.example.local --verbose

Is SQUIDPROXY-K an alias for squidproxy.example.local or is another server?

What is the correct value for default_keytab_name in /etc/krb5.conf file:
 = /etc/squid3/HTTP.keytab  or /etc/krb5.keytab?

Have to enable Samba4 and Winbind services or disable ?


Is join the Squid server on Domain better use than msktutil command?

Does Kerberos uses enctypes by default? My DC is Samba4. Do I need to
configure the following directives in /etc/krb5.conf ?

;for Windows 2008 with AES
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
   default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
   permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5

Regards,

Márcio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160820/0ca8d54d/attachment.html>


More information about the squid-users mailing list