pool/squid
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
45 Commits 2 Branches 0 Tags 2 MiB
Perl 93.2%
Shell 4.8%
sed 2%
30b301923f
Go to file
Jochen Keil 30b301923f - Changes to squid-3.5.8 (02 Sep 2015): 
* Regression Bug 4306: build portability fix in Kerberos helpers
  * Bug 4302: IPFilter v5 transparent interception
  * Bug 4301: compile errors with IPFilter interception
  * Bug 4285 partial: %us is not supported in access.log
  * Bug 4278: Docs: typo in the refresh_pattern freshness algorithm
  * Bug 4242: compile errors with eCAP using clang-3.6
  * Bug 3696: crash when client delay pools are activated
  * Bug 3553: cache_swap_high ignored and maxCapacity used instead
  * Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion
  * Fix ignore of impossible SSL bumping actions, as intended and documented
  * Fix memory leak in Surrogate-Capability header detection
  * Fix truncated body length when RESPMOD service aborts
  * Reject non-chunked HTTP messages with conflicting Content-Length values
  * Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello
  * ... and several portability and compile fixes
  * ... and several documentation updates

OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=86
2015-09-03 13:02:05 +00:00
.gitattributes unlink from Factory 2012-10-22 19:07:11 +00:00
.gitignore unlink from Factory 2012-10-22 19:07:11 +00:00
pam.squid unlink from Factory 2012-10-22 19:07:11 +00:00
README.kerberos unlink from Factory 2012-10-22 19:07:11 +00:00
squid-3.5.8.tar.xz - Changes to squid-3.5.8 (02 Sep 2015): 2015-09-03 13:02:05 +00:00
squid-3.5.8.tar.xz.asc - Changes to squid-3.5.8 (02 Sep 2015): 2015-09-03 13:02:05 +00:00
squid-brokenad.patch Accepting request 308402 from server:proxy:Test 2015-05-22 18:22:37 +00:00
squid-config.patch Accepting request 320787 from server:proxy:Test 2015-08-05 21:25:35 +00:00
squid-old-kerberos.patch Accepting request 308402 from server:proxy:Test 2015-05-22 18:22:37 +00:00
squid-rpmlintrc Accepting request 266863 from server:proxy:Test 2015-01-02 15:04:06 +00:00
squid.changes - Changes to squid-3.5.8 (02 Sep 2015): 2015-09-03 13:02:05 +00:00
squid.init Accepting request 286695 from server:proxy:Test 2015-02-18 23:15:24 +00:00
squid.init.rh Accepting request 286695 from server:proxy:Test 2015-02-18 23:15:24 +00:00
squid.keyring Accepting request 143935 from home:sbrabec:gpg-offline-verify 2012-12-30 15:34:43 +00:00
squid.logrotate Accepting request 310389 from server:proxy:Test 2015-06-04 22:51:06 +00:00
squid.permissions Accepting request 286695 from server:proxy:Test 2015-02-18 23:15:24 +00:00
squid.service fix pidfiledir 2014-03-28 18:49:46 +00:00
squid.spec - Changes to squid-3.5.8 (02 Sep 2015): 2015-09-03 13:02:05 +00:00
squid.sysconfig unlink from Factory 2012-10-22 19:07:11 +00:00
unsquid.pl unlink from Factory 2012-10-22 19:07:11 +00:00

README.kerberos 

This is the README.kerberos file
to have squid negotiate/authenticate via kerberos

any addons are very welcome 
comments could be posted to <chris(at)computersalat.de>


1) you need to add a "USER" inside your "Domain-Computers" Container
   called "squid".  Yes a "USER" and not a Computer.
   You may use another name, but why ?

2) After having successfully created the user, you need to create a 
   keytab file on your WIN box.

Example: !! This is all in one line !!

  ktpass -princ HTTP/squid@DOMAIN.REALM -pType KRB5_NT_PRINCIPAL \
  -mapuser squid -pass * -out HTTP.keytab

3) copy over HTTP.keytab to /etc/squid/ on your linux box

4) you have to tell your browsers to negotiate via kerberos

  Have a look at:

  a) Internet Explorer does not support Kerberos authentication with proxy servers
     http://support.microsoft.com/?scid=kb%3Ben-us%3B321728&x=19&y=14

	This limitation was removed in Windows Internet Explorer 7.

	If Integrated Windows Authentication is turned on in Internet Explorer
	for Windows 2000 and Windows XP, you can complete Kerberos authentication
	with Web servers either directly or through a proxy server. However,
	Internet Explorer cannot use Kerberos to authenticate with the proxy
	server itself.

  b) Unable to negotiate Kerberos authentication after upgrading to Internet Explorer 6
     http://support.microsoft.com/kb/299838/EN-US/

	To resolve this issue, enable Internet Explorer 6 to respond to
	a negotiate challenge and perform Kerberos authentication:

	1. In Internet Explorer, click Internet Options on the Tools menu.
	2. Click the Advanced tab, click to select the Enable
	   Integrated Windows Authentication (requires restart) check box
	   in the Security section, and then click OK.
	3. Restart Internet Explorer.

	Administrators can enable Integrated Windows Authentication by
	setting the EnableNegotiate DWORD value to 1 in the following registry key:

	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

	Note Internet Explorer 6, when used with Microsoft Windows 98,
	Microsoft Windows 98 Second Edition, Microsoft Windows Millennium Edition,
	and Microsoft Windows NT 4.0 does not respond to a negotiate challenge and
	default to NTLM (or Windows NT Challenge/Response) authentication even if
	the Enable Integrated Windows Authentication (requires restart) check
	box is selected because Kerberos authentication is not available on
	these operating systems.