Re: [squid-users] Squid > Kerberos authentication

From: Extra Fu <extrafu_at_gmail.com>
Date: Sun, 29 Nov 2009 09:26:07 -0500

Hello Malte,

First of all, thanks for your prompt reply.

> at least on Linux it is possible to obtain a valid ticket with the
> kinit command. If you want to integrate it further you should take a
> look at the kerberos PAM-module (libpam-krb5 on debian).
>
> Firefox is then able to use kerberos to authenticate to Squid. I use
> this kind of setup in a productive environment.

Yep, that's what I thought.

In any case, if the ticket has to be present for things to work (which
is normal), what are the options for Windows users (not logged in on
the domain)? In my case, the real use of the Squid proxy is for users
outside of my network, for letting them access resources for which
their access is limited to my local network (think of a library
proxy).

Since we can't have encryption between the browser and the Squid
proxy, the most secure authentication mechanism has to be used... of
course users could just use the VPN server, but that's an other story
:-/

Thanks,
Received on Sun Nov 29 2009 - 14:26:14 MST

This archive was generated by hypermail 2.2.0 : Mon Nov 30 2009 - 12:00:04 MST