it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lmn-client/doc/localproxy.md
Raphael Dannecker 9a6a05e2d0 Improve documentation
2025-04-07 07:48:01 +02:00

1.3 KiB
Raw Permalink Blame History

Local http proxy

Some clients encounter difficulties with Kerberos authentication on the HTTP proxy server. To address this issue, we propose setting up a local Squid HTTP proxy that operates as a systemd process in user kontext. This local proxy will authenticate with the parent proxy using the user's Kerberos ticket. Additionally, this setup is ideal for accessing the parent proxy from virtual machines as anonymous user.

The decision to install the local proxy is contingent upon the value of the variable localproxy.

Choices:

  • false <- (default)
  • true

The parent proxy can be set with the variable localproxy_parent.

Default: firewall.{{ domain }}

Configuration / Variables

  • localproxy
    This flag indicates whether to install the local proxy.
    If set to true local Squid proxy will be installed.
    Type: Boolean
    Values:
    • false <-- (default)
    • "username"
  • localproxy_parent
    This variable specifies the name of the parent HTTP proxy that accepts the user's Kerberos ticket.
    Default: "firewall.{{ domain }}"
    Type: String

Example

  • Enable the local proxy on all devices.
  • The parent proxy will be set to firewall.{{ domain }} (default).

inventory.yml

all:
  vars:
    localproxy: true
classrooms:
  hosts:
    10.0.10.[1:80]