[19147] in Kerberos
Re: SSO with AD, Kerberos and squid ???
daemon@ATHENA.MIT.EDU (Matthew Smith)
Wed Apr 30 08:29:05 2003
Date: Wed, 30 Apr 2003 08:14:50 -0400
From: Matthew Smith <matt@forsetti.com>
Message-ID: <3eafbe3b@news0.ucc.uconn.edu>
To: kerberos@MIT.EDU
Errors-To: kerberos-bounces@mit.edu
greg wrote:
> Hi all
>
> This is the situation : In a network with win2000 servers, users on
> win2000 machines access internet trough a squid proxy. Active
> directory or openldap, depends on the solution of the current problem,
> is going to be set up. I'd like squid to permit access to internet
> only to users who are allowed to (kind of craziness, no?!?),
> permissions being declared in openldap or AD.
>
> This can be done with squid_auth_ldap module, but this require a
> password each time a user want to acces internet and I don't want
> password anymore!
>
> So is there a solution for that? I imagine the solution would be
> Active Directory + Kerberos, like in sso mechanism, but is there a
> kerberos support for squid?
> Maybe I'm on a wrong way?
>
> If any suggestion...
>
> --greg
Although Internet Explorer (5.x and higher, I think) is "Kerberized",
I think you'll have a hard time finding any proxy server that is also
kerberized (unless maybe MS Proxy?). On top of that, I don't know of
any other kerberized browsers, so all of your users would have to be
using IE.
Sort of chicken and egg -- nobody is writing kerberized browsers,
'cuz there aren't any kerberized web servers (except IIS), but no one is
writing kerberized web servers, 'cuz there aren't any kerberized
browsers.....
Although, I may be wrong -- if anyone knows of up and coming kerberos
additions to mozilla or "kerberizing" mods for apache (not mod_krb5),
I'd be intertested in hearing about it too.
-Matt
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
