Univention Bugzilla – Bug 56797
Use dedicated service account in univention-squid
Last modified: 2023-11-06 10:52:56 CET
We should switch from the machine account to a dedicated service account in the univention-squid auth helper (/usr/lib/squid/basic_ldap_auth and /usr/lib/squid/squid_ldap_ntlm_auth). Background: With Bug #56767 we want do disable access to password hash for managed nodes. At least squid_ldap_ntlm_auth needs the sambaNTPassword attribute for verification. As we allow univention-squid on managed nodes, it will stop working if we implement the password hash attributes restriction for member servers.