Skip to content

Cntlm-0.92.3 with kerberos authentication patch applied

License

Notifications You must be signed in to change notification settings

biserov/cntlm-gss

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

This is Cntlm with Kerberos patch applied.

Dependency: Kerberos.

Main changes in this fork

  • fixed issue for big number of group memberships in AD
  • POSIX POS36-C issue fixed
  • HTTP-1.1-persistent-connections-with-HTTP-1.0-clients patch applied
  • Many bug from warnings fixed, warning-as-error now
  • allow/deny list added as [forward] config section to limit hosts available through parent proxy (with optional auto-allow for HTTP redirects)
  • SIGINT signal can be used to fast restart w/o wait closing connections

Install

Prebuilt packages is available on Open Build Service in project home:biserov:cntlm-gss for the next OS list:

  • OpenSuSE (Tumbleweed, Leap)
  • Fedora, CentOS
  • Debian, Ubuntu, Raspbian

Visit "Download package" page and follow provided instructions.

Build

CMake

$ mkdir .build
$ cd .build

$ cmake -DCMAKE_BUILD_TYPE="Release" ..
...or for use cross-compiler w/o access to gss headers...
$ cmake -DCMAKE_BUILD_TYPE="Release" -DCMAKE_INSTALL_PREFIX=/ -DCMAKE_TOOLCHAIN_FILE=/path/to/toolchain.cmake -DWITH_GSS_STUB=ON ..

$ cmake --build .

...

$ cmake --install . --strip

Legacy

!WARNING! I'm sorry but this method of configuring is obsoleted and will be removed soon...

If Kerberos is compiled to a different location, say, $HOME/usr, compile Cntlm with

./configure --enable-kerberos

export LIBRARY_PATH=$HOME/usr/lib

export C_INCLUDE_PATH=$HOME/usr/include

make

To run it, try cntlm --help or cntlm -v and fix whatever it complains.

I have only the following lines in my ctnlm.conf file:

Auth GSS
Proxy proxy.server.domain.com:3128
NoProxy localhost, 127.0.0.*, 10.*, 192.168.*
Listen 3128

[forward]
#AllowRedirects  yes
Allow *

The username, domain and password are all unset.

I could start it with /home/me/usr/opt/cntlm-0.92.3/cntlm -c /home/me/usr/opt/cntlm-0.92.3/cntlm.conf .

doc/add-user-keytab.sh script might be usefull to install cntlm keytab file on any system.

About

Cntlm-0.92.3 with kerberos authentication patch applied

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 93.6%
  • Shell 3.1%
  • CMake 1.8%
  • Makefile 1.5%