[squid-users] krb5.conf Example
Piana, Josh
Josh.Piana at hexcel.com
Thu Nov 21 15:54:44 UTC 2024
Hey Squid Users,
Wanted to reach out and see if there was an updated version of the /etc/krb5.conf example file anywhere.
I've been using "wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory" as a reference point and I'm concerned that the Squid 3, Windows 2003/2008, and such examples might be out of date.
As of right now, my krb5.conf file looks like this:
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = true
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
spake_preauth_groups = edwards25519
dns_canonicalize_hostname = true
qualify_shortname = ""
default_realm = AD.ARC-TECH.COM
default_ccache_name = KEYRING:persistent:%{uid}
udp_preference_limit = 0
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
This config file was done automatically when I joined the Linux Proxy Server to Windows AD using realmD. But I couldn't help but think there's a few things missing. I've been going through our whole Kerberos setup to figure out why Squid isn't using it when directed to in the squid.conf file.
Any help is always appreciated,
Josh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20241121/d2f3711c/attachment.htm>
More information about the squid-users
mailing list