[squid-users] Re: Re: Squid Kerb Auth Issue

Thu, 25 Mar 2010 12:42:08 -0700 

Hi Nick,
That looks alright, but I am wondering that because you share the HTTP AD entry with you samba host entry a change by samba to the AD entry makes your HTTP keytab invalid. 

Regards
Markus


BTW There is more documentation here 
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos



"Nick Cairncross" <nick.cairncr...@condenast.co.uk> wrote in message 
news:c7d130f3.1d842%nick.cairncr...@condenast.co.uk...

Markus,

kinit ncairncross
export KRB5_KTNAME=FILE:/etc/squid/HTTP.keytab
net ads keytab CREATE
net ads keytab ADD HTTP
unset KRB5_KTNAME


The made sure the keytab is readable by the squid process owner e.g. chgrp 
squid /etc/squid/HTTP.keytab; chmod g+r /etc/squid/HTTP.keytab )


Is there another way to do this (or have I done it wrong)

Nick




On 24/03/2010 23:45, "Markus Moeller" <hua...@moeller.plus.com> wrote:


How did you create the keytab ?

Markus

"Nick Cairncross" <nick.cairncr...@condenast.co.uk> wrote in message
news:c7ce8144.1d5e1%nick.cairncr...@condenast.co.uk...
Hi,


I'm concerned by a problem with my HTTP.keytab 'expiring'. My test base 
have

reported a problem to me that they are prompted repeatedly for an

unsatisfiable username and password. When I checked cache.log I noticed 
that

there was a KVNO mismatch being reported. I regenerated my keytab and all
was well again. However, I was worried by this so I looked back over my
emails and I noticed the same problem occurred 7 days ago (almost to the
hour). Does anyone have a suggestion as to what might have caused
this/things to check? There haven't been any AD changes.

Thanks,


Nick





** Please consider the environment before printing this e-mail **


The information contained in this e-mail is of a confidential nature and is 
intended only for the addressee.  If you are not the intended addressee, any 
disclosure, copying or distribution by you is prohibited and may be 
unlawful.  Disclosure to any party other than the addressee, whether 
inadvertent or otherwise, is not intended to waive privilege or 
confidentiality.  Internet communications are not secure and therefore Conde 
Nast does not accept legal responsibility for the contents of this message. 
Any views or opinions expressed are those of the author.


Company Registration details:
The Conde Nast Publications Ltd
Vogue House
Hanover Square
London W1S 1JU

Registered in London No. 226900
























					Reply via email to