Time for action – configuring Negotiate authentication
Negotiate/Kerberos authentication is provided by the negotiate_kerberos_auth authentication helper. Next, we'll learn to configure the system running Squid to enable Negotiate authentication.
First of all, we need to generate a keytab file using the ktpass utility on a Windows machine, as shown:

ktpass -princ HTTP/proxy.example.com@REALM -mapuser proxy.example.com -crypto rc4-hmac-nt -pass s3cr3t -ptype KRB5_NT_SRV_HST -out squid.keytab

We should make sure that we have a proxy.example.com user account on our Windows machine before generating the keytab file. Once the keytab file is generated, move it to an appropriate location on the Squid server, for example, /opt/squid/etc/squid.keytab. We should make sure that only the Squid user has access to the keytab file on our system.
Now, we need to configure Kerberos on our Squid proxy server. For that, we need to change the libdefaults section in our Kerberos configuration file, which is generally...
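
The keytab holds the proxy's long-term Kerberos key, so the requirement above that only the Squid user has access to it is worth verifying once the file has been copied to the server. The following is an added example, not code from the book or from the Squid project; it assumes GNU coreutils stat, and check_keytab is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the book): audit who can read a Squid keytab.
# Assumes GNU coreutils `stat`. USER may be a login name or a numeric UID.
check_keytab() {
    keytab=$1
    want=$2
    rc=0

    # Refuse symlinks and non-regular files so the result describes the
    # file itself rather than whatever a link currently points at.
    if [ -L "$keytab" ] || [ ! -f "$keytab" ]; then
        echo "FAIL: $keytab is missing, a symlink, or not a regular file"
        return 1
    fi

    owner=$(stat -c '%U' "$keytab")
    uid=$(stat -c '%u' "$keytab")
    mode=$(stat -c '%a' "$keytab")
    perm=$((0$mode))            # parse the octal mode string

    if [ "$owner" != "$want" ] && [ "$uid" != "$want" ]; then
        echo "FAIL: owned by $owner (uid $uid), expected $want"
        rc=1
    fi
    if [ $((perm & 077)) -ne 0 ]; then
        echo "FAIL: mode $mode lets group or other users access the keytab"
        rc=1
    fi
    if [ $((perm & 0400)) -eq 0 ]; then
        echo "FAIL: mode $mode does not let the owner read the keytab"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $keytab owner=$owner mode=$mode"
    return "$rc"
}

# Constructed demo on a stand-in file (not a real keytab).
demo=$(mktemp)
chmod 644 "$demo"; check_keytab "$demo" "$(id -u)" || true
chmod 400 "$demo"; check_keytab "$demo" "$(id -u)"
rm -f "$demo"
```

On the Squid server this would be called as check_keytab /opt/squid/etc/squid.keytab squid, where squid as the account name is an assumption; use the account Squid actually runs as.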