Hello all,
I have looked everywhere, the archives, FAQs, man pages, squid.conf
etc. I must be missing something. PLEASE CAN SOMEONE HELP!
We have at our client, Linux with Kerberos 5 setup to authenticate users
wishing to use Squid via Active Directory Services on NT. The NT system
is the KDC.
With a single domain this works great, but we need to have two other
domains authenticated. The PDCs for these domains are remotely accessed,
this we can get working from Linux via command line.
Problem is: can we get Squid to handle user@domain, user\domain or
something similar for proxy authentication from Internet Explorer?
We have in squid.conf:
authenticate_program /usr/lib/squid/pam_auth
acl authenticated proxy_auth REQUIRED
http_access allow internalhosts authenticated
and in /etc/pam.d/squid:
auth required /lib/security/pam_krb5.so try_first_pass debug
no_user_check
account required /lib/security/pam_permit.so
I've looked at external_acl_type but I'm probably horribly lost...
--
Robert Gabriel, Tangent Systems <robertg@tangent.co.za>
ADA8 906F FFA6 B513 C179 FFAB 373B 3BF3 144A 60A
1024D/144A60A3 2003-03-05 (www.pgpkeys.net)
http://www.tangent.co.za/keys/robertg.asc
This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:05 MST