diff -rubwBEN SQUID_3_2/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc squid-3.2-mm/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
--- SQUID_3_2/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc 2012-02-05 14:03:45.300209000 +0000
+++ squid-3.2-mm/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc 2012-08-26 14:12:48.548554237 +0100
@@ -32,6 +32,7 @@
 #include "squid.h"
 #include "helpers/defines.h"
 #include "util.h"
+#include "rfc1738.h"
 #ifdef HAVE_LDAP
@@ -226,10 +227,11 @@
 main(int argc, char *const argv[])
 {
 char buf[6400];
- char *user, *domain;
+ char *user, *domain, *group;
+ char *up=NULL, *dp=NULL, *np=NULL;
 char *nuser, *nuser8 = NULL, *netbios;
 char *c;
- int opt;
+ int opt, gopt;
 struct main_args margs;
 setbuf(stdout, NULL);
@@ -335,10 +337,16 @@
 debug((char *) "%s| %s: INFO: Starting version %s\n", LogTime(), PROGRAM, KERBEROS_LDAP_GROUP_VERSION);
 if (create_gd(&margs)) {
+ gopt = 0;
+ if ( margs.glist != NULL ) {
 debug((char *) "%s| %s: FATAL: Error in group list: %s\n", LogTime(), PROGRAM, margs.glist ? margs.glist : "NULL");
 SEND_ERR("");
 clean_args(&margs);
 exit(1);
+ } else {
+ debug((char *) "%s| %s: INFO: no group list given expect it from stdin\n", LogTime(), PROGRAM);
+ gopt = 1;
+ }
 }
 if (create_nd(&margs)) {
 debug((char *) "%s| %s: FATAL: Error in netbios list: %s\n", LogTime(), PROGRAM, margs.nlist ? margs.nlist : "NULL");
@@ -370,12 +378,18 @@
 if (c) {
 *c = '\0';
 } else {
- SEND_ERR("");
+ SEND_ERR("Invalid input. CR missing");
 debug((char *) "%s| %s: ERR\n", LogTime(), PROGRAM);
 continue;
 }
- user = buf;
+ user = strtok(buf, " \n");
+ if (!user) {
+ debug((char *) "%s| %s: INFO: No Username given\n", LogTime(), PROGRAM);
+ SEND_ERR("Invalid request. No Username");
+ continue;
+ }
+ rfc1738_unescape(user);
 nuser = strchr(user, '\\');
 if (!nuser)
 nuser8 = strstr(user, "%5C");
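Review bot: `gopt` is declared without an initializer in the @@ -226 hunk (`int opt, gopt;`) and is assigned only inside `if (create_gd(&margs))` in the @@ -335 hunk, so when create_gd() succeeds on a group list given on the command line, the later `if ( gopt && user )` test in the @@ -391 hunk reads an indeterminate value. Declare it as `int opt, gopt = 0;` so a helper started with a valid group list can never drift into the read-groups-from-stdin path and replace its configured groups with request data. main() begins in this hunk and continues far beyond it.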
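Review bot: The user field is now decoded twice in the @@ -370 hunk: `rfc1738_unescape(user)` already turns `%5C` into a backslash, yet the context line right after it still falls back to `strstr(user, "%5C")`, so a name that arrives as `%255C` (a literal "%5C" inside the account name) is split as if it contained a domain separator. The group lookup should run on exactly the identity Squid authenticated, so decode once and drop the fallback, leaving `nuser = strchr(user, '\\');` as the only separator test. The read loop in main() that encloses these lines starts and ends outside this hunk.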
@@ -391,33 +405,62 @@
 nuser = nuser8 + 3;
 }
 netbios = user;
+ up = xstrdup(rfc1738_escape(nuser));
+ np = xstrdup(rfc1738_escape(netbios));
 if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, nuser, netbios);
+ debug((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, up, np);
 else
- log((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, nuser, netbios);
+ log((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, up, np);
 domain = get_netbios_name(&margs, netbios);
 user = nuser;
+ xfree(up);
+ xfree(np);
 } else if (domain) {
 strup(domain);
 *domain = '\0';
 domain++;
 }
+ up = xstrdup(rfc1738_escape(user));
+ if (domain)
+ dp = xstrdup(rfc1738_escape(domain));
 if (!domain && margs.ddomain) {
 domain = xstrdup(margs.ddomain);
 if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, user, domain);
+ debug((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, up, dp);
 else
- log((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, user, domain);
+ log((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, up, dp);
 }
 if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, user, domain ? domain : "NULL");
+ debug((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, up, domain ? dp : "NULL");
 else
- log((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, user, domain ? domain : "NULL");
+ log((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, up, domain ?
dp : "NULL");
+ xfree(up);
+ xfree(dp);
 if (!strcmp(user, "QQ") && domain && !strcmp(domain, "QQ")) {
 clean_args(&margs);
 exit(-1);
 }
+ if ( gopt && user ) {
+ if ((group = strtok(NULL, " \n")) != NULL) {
+ debug((char *) "%s| %s: INFO: Read group list %s from stdin\n", LogTime(), PROGRAM,group);
+ rfc1738_unescape(group);
+ if (margs.groups) {
+ clean_gd(margs.groups);
+ margs.groups = NULL;
+ }
+ margs.glist = xstrdup(group);
+ if (create_gd(&margs)) {
+ SEND_ERR("Error in group list");
+ debug((char *) "%s| %s: FATAL: Error in group list: %s\n", LogTime(), PROGRAM, margs.glist ? margs.glist : "NULL");
+ continue;
+ }
+ } else {
+ SEND_ERR("No group list received on stdin");
+ debug((char *) "%s| %s: FATAL: No group list received on stdin\n", LogTime(), PROGRAM);
+ continue;
+ }
+ }
 if (check_memberof(&margs, user, domain)) {
 SEND_OK("");
 debug((char *) "%s| %s: DEBUG: OK\n", LogTime(), PROGRAM);
diff -rubwBEN SQUID_3_2/helpers/external_acl/kerberos_ldap_group/Makefile.am squid-3.2-mm/helpers/external_acl/kerberos_ldap_group/Makefile.am
--- SQUID_3_2/helpers/external_acl/kerberos_ldap_group/Makefile.am 2012-01-21 21:17:56.000000000 +0000
+++ squid-3.2-mm/helpers/external_acl/kerberos_ldap_group/Makefile.am 2012-08-26 14:12:10.957554096 +0100
@@ -24,6 +24,7 @@
 ext_kerberos_ldap_group_acl_LDFLAGS =
 ext_kerberos_ldap_group_acl_LDADD = \
+ $(top_builddir)/lib/libmiscencoding.la \
 $(COMPAT_LIB) \
 $(LDAPLIB) \
 $(LBERLIB) \
diff -rubwBEN SQUID_3_2/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc squid-3.2-mm/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
--- SQUID_3_2/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2012-02-05 14:03:45.300209000 +0000
+++ squid-3.2-mm/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2012-08-26 14:13:39.255554748 +0100
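Review bot: `dp` can be read and freed after it has already been released in the @@ -391 hunk: it is assigned only under `if (domain)`, passed to `xfree(dp)` at the end of every request and never reset, so a request without a domain that follows one with a domain hands the stale pointer to the `%s` of the "set default domain" message and then frees it a second time (assuming xfree() does not clear its argument, which this diff does not show). In that same branch `dp` is computed before `domain = xstrdup(margs.ddomain)`, so the log calls there and the following `domain ? dp : "NULL"` receive a NULL or stale pointer instead of the default domain. Add `dp = xstrdup(rfc1738_escape(domain));` directly after the default domain is assigned and `dp = NULL;` after `xfree(dp);`. The request loop in main() that contains these lines begins and ends outside the hunk.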
@@ -30,6 +30,7 @@
 * Hosted at http://sourceforge.net/projects/squidkerbauth
 */
 #include "squid.h"
+#include "rfc1738.h"
 #include "compat/getaddrinfo.h"
 #include "compat/getnameinfo.h"
@@ -461,10 +462,10 @@
 *p = '\0';
 }
 fprintf(stdout, "AF %s %s\n", token, user);
- debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, user);
+ debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, rfc1738_escape(user));
 if (log)
 fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(),
- PROGRAM, user);
+ PROGRAM, rfc1738_escape(user));
 goto cleanup;
 } else {
 if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log))
@@ -496,10 +497,10 @@
 *p = '\0';
 }
 fprintf(stdout, "AF %s %s\n", "AA==", user);
- debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, "AA==", user);
+ debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, "AA==", rfc1738_escape(user));
 if (log)
 fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(),
- PROGRAM, rfc1738_escape(user));
 }
 cleanup:
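Review bot: The `AF` reply written to stdout in the @@ -461 hunk still carries the raw name (`fprintf(stdout, "AF %s %s\n", token, user);`) while only the debug and stderr copies are escaped, so a principal name containing a space or control character would still split or corrupt the one protocol line that Squid actually parses. If the reader of that line accepts RFC 1738 encoding, which this diff does not show and should be confirmed first, write `rfc1738_escape(user)` there as well. The same applies to the `"AA=="` reply in the @@ -496 hunk, and both hunks sit inside a function whose start and end are outside the diff.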