Hi.
On 20.10.2014 22:29, Victor Sudakov wrote:
That's what we did.
1. Created an AD user called squiduser.
2. Extracted its keytab with something like
ktpass -princ HTTP/proxy.sibptus.transneft...@sibptus.transneft.ru -mapuser
squiduser +rndPass -out squid.keytab -ptype KRB5_NT_PRINCIPAL /target
dc01-sibptus -kvno 1 -crypto All
3. Checked the mapping with "setspn -Q HTTP/*" (positive) and checked
for duplicate SPNs with "setspn -X" (negative).
4. Transferred squid.keytab to the proxy host.
Does it agree with your understanding of the right way?
Yup.
Eugene.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users