Hello,

I currently have a problem setting up Squid authentication with Kerberos. The 
problem is not the authentication itself. It works fine, but only for one 
AD domain. I have 6 AD domains that have to authenticate through this 
Squid proxy. In the documentation 
"https://wiki.squid-cache.org/Features/Authentication" I have seen that my 
problem could be solved by using full plain authentication with LDAP. And that 
is the way I will solve this for now. But for future Squid releases, would it be 
possible to change the proxy authentication function to filter authentication 
methods by source IP?

Example:

auth_param 1 negotiate program /usr/sbin/squid_kerb_auth -k /etc/squid/HTTP_Domain1.keytab
auth_param 1 negotiate children 10
auth_param 1 negotiate keep_alive on

auth_param 2 negotiate program /usr/sbin/squid_kerb_auth -k /etc/squid/HTTP_Domain2.keytab
auth_param 2 negotiate children 10
auth_param 2 negotiate keep_alive on

acl dom1-auth src 10.15.0.0/255.255.255.0 proxy_auth 1 REQUIRED
acl dom2-auth src 10.16.0.0/255.255.255.0 proxy_auth 2 REQUIRED

http_access allow dom1-auth
http_access allow dom2-auth
http_access deny all

I have shown an example here that separates the authenticators by numbers, but it 
could also be an ASCII word.

Filtering by LDAP groups should also be possible, as before.

Thank you for your help,
Hans-Peter
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
