To configure the client side of Kerberos:
mv /tmp/squid.keytab /etc/krb5.keytab
chown squid:squid /etc/krb5.keytab
chown proxy:proxy /etc/krb5.keytab
By default, the owner of the krb5.keytab file is superuser.
auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -s HTTP/<name of the server hosting the Squid service>@<realm Active Directory>
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl lan proxy_auth REQUIRED
icap_send_client_username on
http_access allow lan

auth_param negotiate program /usr/sbin/negotiate_kerberos_auth -s HTTP/<name of the server hosting the Squid service>@<realm Active Directory>
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl lan proxy_auth REQUIRED
icap_send_client_username on
http_access allow lan

auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/<name of the server hosting the Squid service>@<realm Active Directory>
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl lan proxy_auth REQUIRED
icap_send_client_username on
http_access allow lan
-d parameter to the first string:
auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -d -s HTTP/<name of the server hosting the Squid service>@<realm Active Directory>
auth_param negotiate program /usr/sbin/negotiate_kerberos_auth -d -s HTTP/<name of the server hosting the Squid service>@<realm Active Directory>
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -d -s HTTP/<name of the server hosting the Squid service>@<realm Active Directory>
Debug events will be written to the file /var/log/squid/cache.log.
service squid restart
The client side of Kerberos will be configured.
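A post-configuration check for the steps above, as an added example that is not part of the original page: it verifies that the keytab is owned by the Squid account and not readable by group or others, prints the principal passed to the helper with -s, and reports whether the -d debug parameter is set. The function names and the /etc/squid/squid.conf path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit the Kerberos client side.
# Function names are hypothetical; pass your own keytab, owner and squid.conf.

# keytab_ok PATH OWNER: succeed only if PATH is a regular file owned by OWNER
# with no group/other permission bits (the keytab holds the service's key).
keytab_ok() {
    f=$1; want=$2
    [ -f "$f" ] || { echo "keytab missing: $f" >&2; return 1; }
    set -- $(ls -ld "$f")            # fields: mode links owner group ...
    mode=$1; owner=$3
    [ "$owner" = "$want" ] || { echo "owner is $owner, expected $want" >&2; return 1; }
    case $mode in
        -???------*) return 0 ;;
        *) echo "mode $mode lets group/other access the keytab" >&2; return 1 ;;
    esac
}

# helper_line CONF: print the first active negotiate helper line.
helper_line() {
    grep -E '^[[:space:]]*auth_param[[:space:]]+negotiate[[:space:]]+program[[:space:]]' "$1" | head -n 1
}

# spn_of CONF: print the principal passed to the helper with -s.
spn_of() {
    helper_line "$1" | sed -n 's/.*[[:space:]]-s[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p'
}

# debug_enabled CONF: succeed if the helper is started with -d.
debug_enabled() {
    helper_line "$1" | grep -Eq '[[:space:]]-d([[:space:]]|$)'
}

# Usage (assumed paths): sh audit.sh /etc/krb5.keytab squid /etc/squid/squid.conf
if [ "$#" -eq 3 ]; then
    keytab_ok "$1" "$2" || exit 1
    echo "helper principal: $(spn_of "$3")"
    if debug_enabled "$3"; then echo "note: helper debug (-d) is enabled"; fi
fi
```

The printed principal can be compared with the entries that `klist -k` lists for the keytab.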