Re: Squid authentication to upstream ISA server with Negotiate/Kerberos

From: Markus Moeller <huaraz@dont-contact.us>
Date: Wed, 4 Jul 2007 01:12:14 +0100

Find attached a patch which adds a call to my functions to http.c and a tar
file with my routines. To make it work do the following:

1) Patch 2.6.STABLE13 with my patch file and extract my source to squid's
src directory.
2) Run configure with
   CFLAGS="-I/usr/kerberos/include" \
   LDFLAGS="-L/usr/kerberos/lib -Wl,-R/usr/kerberos/lib" \
   LIBS="-lgssapi_krb5 -lkrb5" ./configure
   (this assumes MIT Kerberos)
3) Configure Kerberos with AD as KDC
4) Create a keytab with an AD user (this will be the user for authenticating
squid to the ISA server) as follows:
   # ktutil
   ktutil: addent -password -p markus@WINDOWS2003.HOME -k 1 -e rc4-hmac
   Password for markus@WINDOWS2003.HOME:
   ktutil: wkt mm.keytab
   ktutil: quit
5) Set the keytab environment variable in the squid startup file with:
   export KRB5_KTNAME=FILE:/etc/squid/mm.keytab
6) Add a line to squid.conf like
   cache_peer isa.windows2003.home parent 8080 0 proxy-only no-query login=NEGOTIATE

Markus

If the attachments don't get through you can find them at
http://squidkerbauth.cvs.sourceforge.net/squidkerbauth/ under
squid_kerb_proxy_auth

"Henrik Nordstrom" <henrik@henriknordstrom.net> wrote in message
news:1183503059.9447.13.camel@henriknordstrom.net...

Received on Tue Jul 03 2007 - 18:14:05 MDT
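
Added example (not part of the original message or of the attached patch): the keytab from steps 4 and 5 holds a long-lived key for the AD account, so this sketch checks that the file is readable by its owner only and lists entries stored with RC4 or DES-family enctypes, which RFC 6649 and RFC 8429 deprecate. The function names are hypothetical, the `klist -kte` output layout is assumed to be MIT Kerberos's, and the sample listing is constructed.

```shell
#!/bin/sh
# Audit helpers for a keytab such as /etc/squid/mm.keytab (path from step 5).

# Succeeds only if the keytab exists and grants nothing to group or others.
keytab_mode_ok() {
    [ -f "$1" ] || return 1
    # ls -ld prints the mode first, e.g. "-rw-------";
    # characters 5-10 are the group and other permission bits.
    mode=$(ls -ld -- "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Reads `klist -kte` output on stdin and prints "kvno principal enctype" for
# every entry whose enctype is RC4 (arcfour) or DES-family.
# Returns 1 if at least one such entry was found, 0 otherwise.
weak_keytab_entries() {
    awk '
        $1 ~ /^[0-9]+$/ {                  # entry lines start with the KVNO
            line = $0
            sub(/[ \t]+$/, "", line)
            if (match(line, /\([^()]*\)$/)) {
                enc = substr(line, RSTART + 1, RLENGTH - 2)
                if (tolower(enc) ~ /arcfour|rc4|des/) {
                    print $1, $4, enc      # with -t the principal is field 4
                    n++
                }
            }
        }
        END { exit (n > 0) }
    '
}

# Constructed sample of `klist -kte` output (timestamps and the AES entry are
# invented for contrast; the RC4 entry mirrors the ktutil command in step 4).
SAMPLE_KLIST_OUTPUT='Keytab name: FILE:/etc/squid/mm.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------
   1 07/04/2007 01:10:00 markus@WINDOWS2003.HOME (arcfour-hmac)
   2 07/04/2007 01:10:00 markus@WINDOWS2003.HOME (aes256-cts-hmac-sha1-96)'

# Demo on the sample. On a real host:
#   keytab_mode_ok /etc/squid/mm.keytab || echo "keytab is group/world accessible"
#   klist -kte /etc/squid/mm.keytab | weak_keytab_entries
printf '%s\n' "$SAMPLE_KLIST_OUTPUT" | weak_keytab_entries \
    || echo "weak enctypes present in keytab"
```

Whether rc4-hmac can be replaced depends on which enctypes the AD domain controllers and the ISA server accept for the account; the check only reports what the keytab contains.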