SSO with AD, Kerberos and squid ???
Matthew Smith
matt at forsetti.com
Wed Apr 30 08:14:50 EDT 2003
greg wrote:
> Hi all
>
> This is the situation : In a network with win2000 servers, users on
> win2000 machines access internet trough a squid proxy. Active
> directory or openldap, depends on the solution of the current problem,
> is going to be set up. I'd like squid to permit access to internet
> only to users who are allowed to (kind of craziness, no?!?),
> permissions being declared in openldap or AD.
>
> This can be done with squid_auth_ldap module, but this require a
> password each time a user want to acces internet and I don't want
> password anymore!
>
> So is there a solution for that? I imagine the solution would be
> Active Directory + Kerberos, like in sso mechanism, but is there a
> kerberos support for squid?
> Maybe I'm on a wrong way?
>
> If any suggestion...
>
> --greg
Although Internet Explorer (5.x and higher, I think) is "Kerberized",
I think you'll have a hard time finding any proxy server that is also
kerberized (unless maybe MS Proxy?). On top of that, I don't know of
any other kerberized browsers, so all of your users would have to be
using IE.
Sort of chicken and egg -- nobody is writing kerberized browsers,
'cuz there aren't any kerberized web servers (except IIS), but no one is
writing kerberized web servers, 'cuz there aren't any kerberized
browsers.....
Although, I may be wrong -- if anyone knows of up and coming kerberos
additions to mozilla or "kerberizing" mods for apache (not mod_krb5),
I'd be intertested in hearing about it too.
-Matt
More information about the Kerberos
mailing list