Re: [squid-users] Re: Kerberos

From: Matthew Smith <mps_at_utas.edu.au>
Date: Mon, 17 May 2010 15:59:54 +1000

Hi Markus,

Thanks for the info. If squid can use MIT kerberos, then hopefully I should be ok to get it working with Mac OS X Server (and OpenDirectory), based off http://developer.apple.com/opensource/kerberosintro.html

On the Novell front, it's harder to find info on it's kerberos integration, but it looks like it's available.

I guess I'll just have to experiment, and see how I go.

Thanks heaps for the help.

Matt

On 17/05/2010, at 3:30 PM, Markus Moeller wrote:

> Hi Matthew,
>
> I think you are a bit confused. AD offers a Kerberos and ldap service. OpenDirecttory or eDirectory is just ldap and has nothing to do with Kerberos (as far as I know). You can use AD, MIT Kerberos, Heimdal Kerberos or any other Implementation (e.g. Solaris based) for authentication with squid.
>
> Regards
> Markus
>
> "Matthew Smith" <mps_at_utas.edu.au> wrote in message news:AB612D11-33B4-442C-8779-3EA2EF75AABA_at_utas.edu.au...
> Hi Amos,
>
> Thanks for the reply, you have left me very confused, though. We are talking about MIT's kerberos, right?
>
> http://en.wikipedia.org/wiki/Kerberos_(protocol)
>
> My understanding is that kerberos is a protocol for authentication, and other directory services (like Mac OS X's OpenDirectory) support it as well as AD.
>
> Thanks for the link to the wiki, I had a quick look through, and I'll see if I can get it going with AD as a test. Does anyone know if any other directory services that implement Kerberos are supported? I'd like to see if I can get it to work with OpenDirectory or maybe Novell eDirectory.
>
> Thanks for the help!
>
> Matt Smith
>
> On 17/05/2010, at 1:57 PM, Amos Jeffries wrote:
>
>> On Mon, 17 May 2010 11:15:06 +1000, Matthew Smith <mps_at_utas.edu.au> wrote:
>>> Hi!
>>>
>>> I have been trying to find out some info on kerberos auth and squid, but
>>> most of my searching points to setting up kerberos for single signon
>> with
>>> windows AD. Are other directory services supported? If so, which? Also
>> does
>>> anyone know of some good beginner style resources for setting up kerb
>> auth
>>> with squid?
>>
>> That would be because the protocol is a proprietary one by Microsoft.
>> Non-microsoft software would tend to lean towards other free alternatives.
>>
>> Have you seen the wiki Kerberos pages?
>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
>>
>> Amos
>
>
>
Received on Mon May 17 2010 - 06:00:00 MDT

This archive was generated by hypermail 2.2.0 : Mon May 17 2010 - 12:00:05 MDT