Changes between Version 8 and Version 9 of howto/SquidKerberosAuthentication

Timestamp:

12/22/10 20:16:29 (15 years ago)

Author:

Edwin Eefting

Comment:

--

howto/SquidKerberosAuthentication

@@ -50 +50 @@
 Eerst moeten we zorgen dat kerberos goed werkt. De config staat nog in /etc, maar deze komt later misschien in /home/system:
 {{{
+[Syn-3] root@proxy.adtest.psy.datux.nl ~# cat /etc/krb5.conf
+[logging]
+ default = FILE:/var/log/krb5libs.log
+ kdc = FILE:/var/log/krb5kdc.log
+ admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+ default_realm = ADTEST.PSY.DATUX.NL
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+
+# For Windows XP:
+ default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
+ default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
+ permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
+
+# For Windows 2007:
+# default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
+# default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
+# permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
+ forwardable = yes
+
+[realms]
+ ADTEST.PSY.DATUX.NL = {
+  kdc = 192.168.13.13:88
+  admin_server = 192.168.13.13:7491
+  default_domain = adtest.psy.datux.nl
+ }
+
+[domain_realm]
+ .adtest.psy.datux.nl = ADTEST.PSY.DATUX.NL
+ adtest.psy.datux.nl = ADTEST.PSY.DATUX.NL
+
+[appdefaults]
+ pam = {
+   debug = false
+   ticket_lifetime = 36000
+   renew_lifetime = 36000
+   forwardable = true
+   krb4_convert = false
+}
+
 }}}