Authenticate squid in Active Directory

Re: Authenticate squid in Active Directory

On Feb 8, 2008 7:58 AM, Lars Noodin <[hidden email]> wrote:

>        expected to emulate a Windows Server 200x domain controller.
>        But the interoperability issue goes far deeper than this.
>        In the domain control protocols that are used by MS Windows
>        XP Professional, there is a tight interdependency between
>        the Kerberos protocols and the Microsoft distributed
>        computing environment (DCE) RPCs that themselves are an
>        integral part of the SMB/CIFS protocols as used by Microsoft."

Why are you changing the discussion from authentication to file serving?

> So the kerberos question still remains unless there is more recent
> material somewhere that can show that these problems have been resolved.
>    I would have expected some documentation.

What kerberos question?  Per your original email

> Allowing AD near any part of your infrastructure is the opposite of
> useful and results in a net loss of productivity.  No.
> LDAP+Kerberos is one tried and true option, but there are others
> nowadays.  Don't confuse AD with a useful tool or with an authentication
> service

Why are you confusing AD with file serving?  The original poster asked
about _AUTHENTICATION_.  You are just serving plain FUD.

> As of 2002, definitely not:
> > If you don't need to support Windows Vista client machines, you should be
> > all right.
> Nope.

Who gives a shit whether Vista needs to be supported or not?  I have Suse
boxes authenticating via kerberos from AD because - guess what - it improves
productivity and security.

> MS Exchange was one of the productivity killers I referred to earlier.
> For people that use e-mail, it's an albatross.  For people that need to
> use e-mail for their job, well, they can't work.

Again - what is your point?  Sexchange and LookOut sucks.  The original
poster is asking about authenticating via AD.  Your ranting about other
topics is.... off topic.

"This officer's men seem to follow him merely out of idle curiosity."  --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted."  -- Gene Spafford

Re: Authenticate squid in Active Directory

Lars D. Noodén
In reply to this post by Karl Karlsson
Karl Karlsson wrote:

> Those standards I fully agree with. I got a bit a float there and thought
> you meant it in a broader sense as it's going almost everywhere these days
> where they use pam to glue every one and everything together. But this
> really is off topic from that AD where we started. :)

Not entirely, if you could add something like the following, but pam may
not be so relevant for Squid:

  /etc/pam.d/common-krb5 to use as an include file for PAM:
    auth  sufficient  /lib/insecurity/ use_first_pass