On 22/9/2011 8:47 πμ, Nikolaos Milas wrote:
> Many thanks Markus,
>
> I also discovered, after each authentication attempt from the browser,
> in squid cache.log the following errors:
A question that might shed some light:
Do I have to create a kerberos host and service for every final client,
and then transfer a keytab to the respective client?
Until now, I have the impression that this is not needed (and I have not
done it). I believe that *the user* who is authenticating to squid
(using a browser) must have a record in Kerberos server (and not his
machine).
So, on the client side we (should) need nothing but a kerberos-capable
browser.
On the squid side we need a keytab for the squid service
(HTTP/squid.example.com) which is defined/stored in kerberos server.
So squid should be able to receive the request from a client (a user,
through a browser) to authenticate (to squid) and then pass it to
kerberos server?
How things work? (I haven't found details in the documentation.)
Thanks,
Nick
This archive was generated by hypermail 2.2.0 : Fri Sep 23 2011 - 12:00:01 MDT