Changes between Version 13 and Version 14 of howto/SquidKerberosAuthentication


Timestamp:
01/06/11 13:26:18 (13 years ago)
Author:
Edwin Eefting
Comment:

--

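--- a/howto/SquidKerberosAuthentication
+++ b/howto/SquidKerberosAuthentication
@@ -57,45 +57,36 @@
 {{{
 [Syn-3] root@proxy.adtest.psy.datux.nl ~# cat /etc/krb5.conf
+[libdefaults]
+      default_realm =  ADTEST.PSY.DATUX.NL
+      dns_lookup_kdc = no
+      dns_lookup_realm = no
+      default_keytab_name = /etc/krb5.keytab
+
+; for Windows 2003
+      default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
+      default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
+      permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
+
+; for Windows 2008 with AES
+;      default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
+;      default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
+;      permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
+;
+; for MIT/Heimdal kdc no need to restrict encryption type
+
+[realms]
+       ADTEST.PSY.DATUX.NL = {
+              kdc = w2k3-edwin.adtest.psy.datux.nl
+              admin_server = w2k3-edwin.adtest.psy.datux.nl
+      }
+
+[domain_realm]
+      .adtest.psy.datux.nl =  ADTEST.PSY.DATUX.NL
+      adtest.psy.datux.nl =  ADTEST.PSY.DATUX.NL
+
 [logging]
- default = FILE:/var/log/krb5libs.log
- kdc = FILE:/var/log/krb5kdc.log
- admin_server = FILE:/var/log/kadmind.log
-
-[libdefaults]
- default_realm = ADTEST.PSY.DATUX.NL
- dns_lookup_realm = false
- dns_lookup_kdc = false
- ticket_lifetime = 24h
-
-# For Windows XP:
- default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
- default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
- permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
-
-# For Windows 2007:
-# default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
-# default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
-# permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
- forwardable = yes
-
-[realms]
- ADTEST.PSY.DATUX.NL = {
-  kdc = 192.168.13.13:88
-  admin_server = 192.168.13.13:7491
-  default_domain = adtest.psy.datux.nl
- }
-
-[domain_realm]
- .adtest.psy.datux.nl = ADTEST.PSY.DATUX.NL
- adtest.psy.datux.nl = ADTEST.PSY.DATUX.NL
-
-[appdefaults]
- pam = {
-   debug = false
-   ticket_lifetime = 36000
-   renew_lifetime = 36000
-   forwardable = true
-   krb4_convert = false
-}
+  kdc = FILE:/var/log/kdc.log
+  admin_server = FILE:/var/log/kadmin.log
+  default = FILE:/var/log/krb5lib.log
 
 }}}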
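Review bot: The enctype lists added under `[libdefaults]` (new lines 66-68) allow only `rc4-hmac des-cbc-crc des-cbc-md5`, so a proxy configured from this listing requests and accepts nothing stronger than RC4 and single-DES. The commented-out Windows 2008 variant (new lines 71-73) still keeps those three as fallbacks after AES. Because how-to configs get copied verbatim, the `; for Windows 2003` comment should mark the list as a compatibility setting, for example `; legacy DCs only: RC4 and single-DES are weak, switch to the AES list once the DC supports it`. For the 2008 case I would show an AES-only value, `permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96`, with the same list for the two `default_*_enctypes` keys. If DES really must stay, add a note that current MIT krb5 releases ignore single-DES unless weak crypto is explicitly enabled.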