Have you ever tried to figure out how to make Squid authenticate users according to your own exotic rules? Users are in a DB? Are you using an ActiveDirectory? Users/passwords are authenticated by a java class? Everything is possible. Here I intend to explain how to make your own custom authentication helpers so you can develop your own routines for your own requirements.
Two weeks ago, I explained how to set up a Kerberos realm; and last week, I went on to describe how to actually do something useful with it by doing Kerberized NFS. But there’s so much more interesting stuff that can be done with Kerberos, and it would be a shame to ignore those.
GSSAPI, SASL, and negotiation
Usually, I get annoyed at having to authenticate myself to each and every service I set up; after all, my passwords are the same everywhere, since I make sure of that myself. On Windows, I wouldn’t have to do that; once I log in, Windows is able to communicate credentials to each and every service that asks for them. But something similar is impossible on GNU/Linux, right? Wrong.