Re: Patch to authenticate securely to upstream ISA server(or others)

On Tue, 1 Sep 2009 19:55:47 +0100, "Markus Moeller"
<huaraz_at_moeller.plus.com> wrote:
> Henrik,
>
> I updated the patch. I also said that I removed the configure from
> squid_kerb_auth by replacing the whole squid_kerb_auth directory with the

> attached tar file (to the previous post) which hopefully fixes the fedora

> build.

Does the directory replacement have to be done at the same time or would it
cope with being split in two and done after the main change?

Amos

>
> Thank you
> Markus
>
> "Henrik Nordstrom" <henrik_at_henriknordstrom.net> wrote in message
> news:1251770416.16800.65.camel_at_henriknordstrom.net...
>> Needs quoting:
>> + KRB5INCS=`$krb5confpath --cflags krb5 2>/dev/null`
>> + KRB5LIBS=`$krb5confpath --libs krb5 2>/dev/null`
>>
>> (seen twice, Solaris & generic)
>>
>>
>> Would also be nice if you could update squid_kerb_auth/configure with
>> this simplified kerberos configure dance. The squid_kerb_auth/configure
>> in Squid-3.0 adds a bit too many linker flags adding -Lno/lib -Rno/lib
>> for me and currently prevents it from being packaged for Fedora (build
>> QA check failure, incorrect run-path)
>>
>> Regards
>> Henrik
>>
>>
>> mån 2009-08-31 klockan 14:03 +0100 skrev Markus Moeller:
>>> Hi Amos,
>>>
>>> find attached a patch against the head release. since I now need
>>> Kerberos and GSSAPI for the main source I removed the squid_kerb_auth
>>> configure and replaced the squid_kerb_auth directory with the attached.
>>>
>>> I tested on OpenSuse 11 with MIT Kerberos 1.6.3(the default) and
Freebsd
>>>
>>> 7.0
>>> with Heimdal 1.2.1(added as the older freebsd base Heimdal package
>>> creates
>>> problems as squids asn1.h and krb5_asn1.h have conflicts with oid
>>> definitions)
>>>
>>> Regards
>>> Markus
>>>
>>> ----- Original Message -----
>>> From: "Amos Jeffries" <squid3_at_treenet.co.nz>
>>> To: "Markus Moeller" <huaraz_at_moeller.plus.com>
>>> Cc: <squid-dev_at_squid-cache.org>
>>> Sent: Tuesday, August 25, 2009 12:38 PM
>>> Subject: Re: Patch to authenticate securely to upstream ISA server(or
>>> others)
>>>
>>>
>>> > Markus Moeller wrote:
>>> >> In some setups the upstream proxy requires a secue authentication
>>> >> method
>>> >> (Negotiate, NTLM). The attached patches (2.7 and 3.0) allow this
with
>>> >> Negotiate.
>>> >>
>>> >> Regards
>>> >> Markus
>>> >
>>> > Hi Markus,
>>> > Good to see this feature appearing.
>>> >
>>> > Just a few things to fix up before this can go in:
>>> >
>>> > * Makefile.am lines for linking peer_proxy_negotiate_auth.cc seem
to
>>> >
>>> > be
>>> > indented with spaces instead of the automake required tabs.
>>> >
>>> > * Unfortunately 3.0 is closed for new features. Can we get a diff
>>> > against 3.HEAD code please?
>>> >
>>> > * there is zero documentation for the new option settings. Please
add
>>> >
>>> > to
>>> > the cache_peer entry of src/cf.data.pre with the new details for
>>> > login=NEGOTIATE.
>>> >
>>> > * there is also no documentation for any of the code. Please prefix
>>> > each
>>> > new function and global in your new code with at least an overview
>>> > description of what it does.
>>> >
>>> >
>>> > Amos
>>> > --
>>> > Please be using
>>> > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>> > Current Beta Squid 3.1.0.13
>>> >
>>
>>
Received on Wed Sep 02 2009 - 02:14:42 MDT