From: "Doug Sampson"
Delivered-To: freebsd-questions@freebsd.org
Date: Thu, 30 Jun 2011 10:31:54 -0700
Subject: Squid with Kerberos user authentication

I've been running squid on a proxy server for several years and now my boss wants usage reports organized by users' login names instead of IP addresses. We're in an Active Directory environment and use Kerberos authentication.

I googled around and used this link:

http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Squid_Configuration_File

I made all the changes according to the instructions contained in the link. I ran into a problem with setting the KRB5_KTNAME variable (as listed in the "Squid Configuration File" section). It states as follows:

---
Add the following to the squid startup script (Make sure the keytab is readable by the squid process owner e.g. chgrp squid /etc/squid/HTTP.keytab; chmod g+r /etc/squid/HTTP.keytab )

KRB5_KTNAME=/etc/squid/HTTP.keytab
export KRB5_KTNAME
---

I'm using the csh shell and apparently the export command isn't part of the csh shell. After some searching around, I came across this link:

http://www.cyberciti.biz/faq/freebsd-how-to-export-shell-variable/

which gives me the csh replacement for the bash export command. I tried this:

# setenv KRB5_KTNAME /usr/local/etc/squid/krbcron_squid.keytab

and it appears to have worked.

On top of that, the instructions require that the establishment of the KRB5_KTNAME variable be done in the squid startup script. In the FreeBSD OS, would that be the /usr/local/etc/rc.d/squid file? I don't see a section for setenv in the squid.conf file.

I know I am almost there but I need a nudge here!

~Doug