SSO with AD, Kerberos and squid ???

Turbo Fredriksson turbo at bayour.com
Sat May 3 08:24:15 EDT 2003


Quoting debiansol at yahoo.fr (greg):

> But that's not exactly what I look for. I know squid_auth_ldap, but it
> requires a login and password when a user wants to surf the web. What I
> want is users to connect with their normal account at their machine
> startup, to be recognized in an AD or ldap (via kerberos ?!), and to
> have access or not to internet.

I'd like that too... But

> I imagine kerberos could distribute a
> ticket to users and to squid, like in a sso mechanism but applied only
> to my proxy for the moment.

You're only partly true. The question you should ask yourself is 'I have
this ticket, how do I get/show that to squid (or whatever)'... 

The answer here is 'through the browser'. That is, the browser should
'pick it up (from memory or file)' and deliver it 'on behalf of the user'.

Currently 'there is no browser that can do this'. I saw that mozilla 
_might_ do this, but it was not verified.

> I don't think there is any kerberos module available now for squid, so
> would it be quite easy to create one or not even considerable? I said
> 'easy' because I haven't much time and I'm not a great programmer !

Adding Kerberos support for squid wouldn't be TOO difficult, but that
doesn't matter, since you have no means of transferring it (your ticket)
TO squid...

