[squid-users] Re: Advices for a squid cluster with kerberos auth

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Thu, 20 May 2010 21:51:08 +0100

It will work with the right setup (e.g. you have to copy the Kerberos keytab
to all machines and use the -s HTTP/<RR-DNS-name> or -s GSS_C_NO_NAME option
with squid_kerb_auth).

Regards
Markus

"Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message
news:4BF52C87.9080904_at_treenet.co.nz...
> Emmanuel Lesouef wrote:
>> Hello,
>>
>> I'm currently satisfied with my round-robin DNS enabled "cluster" of
>> two Squid with ntlm authentication.
>>
>> But, with th appearance of Windows 7 and Windows 2008, I see by
>> searching for documentation on the web that I need to use Kerberos
>> Authentication if I would like Internet Explorer 8 from 2008 or 7 to
>> work.
>>
>> Do you have any advices for achieving this setup ? What clustering
>> mechanism do you use. Does the kerberos part of the install need to be
>> customized to support being put in cluster mode (which needs to be
>> defined) ?
>>
>> Thanks for your helps and docs.
>>
>> PS : Testing it will be easy so I thinks I'll enable Debian Backports
>> repository in order to have 2.7STABLE9.
>>
>
> Without havign used either, I expect if your clustering setup works with
> NTLM it will work equally well or better for Kerberos.
>
> The two protocols are very much similar, with Kerberos doing away with one
> of the handshake HTTP reject messages.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.3
>
Received on Thu May 20 2010 - 20:51:36 MDT

This archive was generated by hypermail 2.2.0 : Fri May 21 2010 - 12:00:05 MDT