Date: Thu, 30 Jun 2011 10:31:54 -0700
From: "Doug Sampson" <dougs@dawnsign.com>
To: <freebsd-questions@freebsd.org>
Subject: Squid with Kerberos user authentication
Message-ID: <D358EEF1F9124D44B25B0ED225C8FDE6070C8A@hydra.dawnsign.com>

I've been running squid on a proxy server for several years and now my boss wants usage reports organized by users' login names instead of IP addresses. We're in an Active Directory environment and use Kerberos authentication.

I googled around and used this link:

http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Squid_Configuration_File

I made all the changes according to the instructions contained in the link. I ran into a problem with setting the KRB5_KTNAME variable (as listed in the "Squid Configuration File" section). It states as follows:

---
Add the following to the squid startup script (Make sure the keytab is readable by the squid process owner e.g. chgrp squid /etc/squid/HTTP.keytab; chmod g+r /etc/squid/HTTP.keytab )

KRB5_KTNAME=/etc/squid/HTTP.keytab
export KRB5_KTNAME
---

I'm using the csh shell and apparently the export command isn't part of the csh shell. After some searching around, I came across this link:

http://www.cyberciti.biz/faq/freebsd-how-to-export-shell-variable/

which gives me the csh replacement for the bash export command. I tried this:

# setenv KRB5_KTNAME /usr/local/etc/squid/krbcron_squid.keytab

and it appears to have worked.

On top of that, the instructions require that the establishment of the KRB5_KTNAME variable be done in the squid startup script. In the FreeBSD OS, would that be the /usr/local/etc/rc.d/squid file? I don't see a section for setenv in the squid.conf file.

I know I am almost there but I need a nudge here!

~Doug
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D358EEF1F9124D44B25B0ED225C8FDE6070C8A>
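
An added example, not part of the original message or of the Squid wiki: FreeBSD rc.d scripts are run by /bin/sh, so the Bourne-style assignment plus export quoted above is the form that applies there, and a daemon only inherits KRB5_KTNAME from the process that launches it. The function names are hypothetical, and the extra check that the keytab is not world-readable is an assumption added here on top of the wiki's "readable by the squid process owner" requirement.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; run it as the squid process
# owner to test the permissions that user actually has on the keytab.

# check_keytab PATH
#   0 = usable, 1 = missing, 2 = not readable by current user,
#   3 = readable by "other" (a keytab holds long-term service keys).
check_keytab() {
    kt=$1
    [ -f "$kt" ] || { echo "missing: $kt" >&2; return 1; }
    [ -r "$kt" ] || { echo "not readable by $(id -un): $kt" >&2; return 2; }
    # find prints the path only when the world-read bit (0004) is set
    if [ -n "$(find "$kt" -prune -perm -004 2>/dev/null)" ]; then
        echo "world-readable: $kt" >&2
        return 3
    fi
    return 0
}

# child_ktname PATH
#   Assign and export the sh way, then print what a child process inherits.
child_ktname() {
    (
        KRB5_KTNAME=$1
        export KRB5_KTNAME
        sh -c 'printf %s "${KRB5_KTNAME:-unset}"'
    )
}

# child_ktname_unexported PATH
#   Same assignment without export: the child (here sh, in practice squid and
#   its Kerberos helper) does not see the variable.
child_ktname_unexported() {
    (
        unset KRB5_KTNAME
        KRB5_KTNAME=$1
        sh -c 'printf %s "${KRB5_KTNAME:-unset}"'
    )
}

# Demo with the keytab path from the message above.
echo "exported:   $(child_ktname /usr/local/etc/squid/krbcron_squid.keytab)"
echo "unexported: $(child_ktname_unexported /usr/local/etc/squid/krbcron_squid.keytab)"
```
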