How to Update Squid with Kerberos Authentication on Ubuntu?

Keep in mind that mixing proxy authentication with transparent HTTP/HTTPS proxy isn’t supported, so if you’re employing transparent mode, you’ll need to configure explicit proxy settings to incorporate Kerberos authentication. You can check out the thread on ServerFault for more details on that.

It's actually pretty straightforward to set everything up. First off, within your AD environment, create a Kerberos keytab for Squid, then transfer it to the Squid machine. Set up your /etc/krb5.conf file, configure the keytab path via the service’s environment variables, and adjust the Squid configuration to enable Negotiate authentication. It sounds like a lot, but it’s mostly about following the right steps.

I moved on from using Squid with AD authentication a while back because I faced challenges getting it to work on 64-bit Linux versions. I recommend first getting your existing Squid configuration running smoothly on a supported OS. Then, consider testing AD authentication if you want to continue that route. In my experience, I've had much better luck using Fedora for Squid servers compared to Ubuntu, especially when scaling up the number of users.

You might not find anything specifically tailored for Ubuntu, so I'd suggest sticking to the general Squid documentation. Just follow the guidelines for Kerberos configuration there. Also, just so you know, if your system is really old, check whether it supports modern encryption types for Kerberos, like aes256, instead of outdated ones like RC4. That could lead to some issues if you're keeping your Active Directory security updated.

The easiest way to transition your configuration is to directly port it from one distro to another. You’ll need to account for differences in how things are handled between Rocky Linux, Debian, and Ubuntu, especially with package names and security models like SELinux versus AppArmor.