[squid-users] dubt about kerberos authentication in the Squid 3
Marcio Demetrio Bacci
marciobacci at gmail.com
Sat Aug 20 21:29:08 UTC 2016
Hi
I have many dubt about kerberos authentication in the Squid 3 (3.4.8) on
Debian 8. I'm using Samba 4 (4.2.1) as DC.
If I to join Squid Server in the Domain (net ads join) I don't need to
execute the command-line msktutil as bellow ?
msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.example.local -k
/etc/squid3/PROXY.keytab \
--computer-name SQUIDPROXY-K --upn HTTP/squidproxy.example.local --server
dc1.example.local --verbose
Is SQUIDPROXY-K an alias for squidproxy.example.local or is another server?
What is the correct value for default_keytab_name in /etc/krb5.conf file:
= /etc/squid3/HTTP.keytab or /etc/krb5.keytab?
Have to enable Samba4 and Winbind services or disable ?
Is join the Squid server on Domain better use than msktutil command?
Does Kerberos uses enctypes by default? My DC is Samba4. Do I need to
configure the following directives in /etc/krb5.conf ?
;for Windows 2008 with AES
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc
des-cbc-md5
Regards,
Márcio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160820/0ca8d54d/attachment.html>
More information about the squid-users
mailing list