Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#532 Add support for kerberos authentication to proxy server

open
nobody
None
5
2013-04-17
2013-04-17
Anonymous
No

Adding support for squid to use kerberos authentication would help increase security when wanting to use Windows integrated (transparent) authentication.
Currently only LM/NTLM authentication is supported for Windows integrated (transparent) authentication.
The problem with the above is on windows vista/2008 and higher only NTLMv2 responses are supported by default
(Microsoft has disabled LM & NTLM responses to increase domain security)

currently the squid auth helper squid_kerb_auth and negotiate_kerb_auth are installed but the libraries libkrb5support.so.0 is missing, so they can not be used.
At minimum can the libraries to be able to run squid_kerb_auth and negotiate_kerb_auth be included, so it can be configured manually though ssh?
and work on adding web GUI support in the future after that.

Discussion

  • Eric Shubert
    Eric Shubert
    2013-04-17

    If you're inclined to roll your own IPCop for the time being, I believe that if you comment out the following in the config/rootfiles/krb5 file, it will build what you're looking for.
    #usr/lib/libkrb5support.so.0
    #usr/lib/libkrb5support.so.0.1