Colegas, resulta que quisiera almacenar en un archivo la contraseña que uso
en la configuración de mi squid para utenticar contra el directorio activo
para darle un tin mas de seguridad a mi configuracion, de manera que si
alguien se hace del archivo de configuracion del squid no sea capaz a simple
vista de ver la contraseña del usuario creado en el directorio activo para
la autenticación.
La duda viene dada por lo que se mencionada en las siguientes líneas,
específicamente en la que describe el parámetro -w:
auth_param basic program /usr/lib/squid/ldap_auth -R
-b "dc=vm-domain,dc=papercut,dc=com"
-D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
-w "password" -f sAMAccountName=%s -h 192.168.1.75
These settings tell Squid authenticate names/passwords in the Active
Directory.
The -b option indicated the LDAP base distinguished name of your domain.
E.g. your.domain.com would be dc=your,dc=domain,dc=com
The -D option indicates the user that is used to perform the LDAP query.
(e.g an Administrator. This example uses the built-in Administrator user,
however you can use another user of your choice.
The -w option is the password for the user specified in the -D option. For
better security you can store the password in a file and use the -W
/path/to/password_file syntax instead
-h is used to indicate the LDAP server to connect to. E.g. your domain
controller.
-R is needed to make Squid authenticate against Windows AD
The -f option is the LDAP query used to lookup the user. In the above
example, sAMAccountName=%s, will match if the user's Windows logon name
matches the username entered when prompted by Squid. You can search any
value in the LDAP filter query. You may need to use an LDAP search query
tool to help get the syntax correct for the -f search filter.
The %s is replaced with what the user enters as their username.
__
Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l