On 07/05/2011 05:04 PM, Roland Roland wrote:
>
> Hello,
>
> i'm trying to get squid to work with a max os x based LDAP.
>
> I have a couple of questions if you can help me with:
>
> 1. Does a centos based yum installation contain ldap and kerberos
> support?
> 2. Is the following squid.conf config enough to get things up and
> running (complete article
> <http://www.cyberciti.biz/tips/howto-configure-squid-ldap-authentication.html>)
> |auth_param basic program /usr/lib/squid/squid_ldap_auth -b
> "dc=nixcraft,dc=com" -f "uid=%s" -h ldap.nixcraft.com
> acl ldapauth proxy_auth REQUIRED
> http_access allow ldapauth
> http_access deny all
>
> 3. If repository based squid doesn't come with ldap/kerberos support.
> is the following enough:
> |./configure --enable-basic-auth-helpers="LDAP"
> --enable-external-acl-helpers=ldap_group
>
> NB: if you can guide me to a how to i'd appreciate it.
>
>
> Thank you for help and best regards,
>
> --Roland
I configured something similar recently - Kerberos authentication with a
Mac OS X Server, and Mac OS and RHEL clients. I'm not worried about
LDAP, just the Kerberos part. That config you've got there uses Basic
Auth, which means plaintext. In most environments that is not acceptable.
I think it should work with Squid 2.6 (the version that comes with
Centos 5.6), but I wanted to get dynamic SSL certificate generation
working, so I've compiled and run a very recent release. The CentOS RPM
does include the helpers, so it should do what you want.
- Lindsay
Received on Tue Jul 05 2011 - 05:25:11 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 05 2011 - 12:00:01 MDT