Re: [squid-users] Re: Re: squid_kerb_auth - Negotiate

From: miolinux <miolinux@dont-contact.us>
Date: Thu, 12 Jul 2007 12:52:18 +0200

On Thu, 12 Jul 2007 09:51:23 +0100
"Markus Moeller" <huaraz@moeller.plus.com> wrote:

> The token seems alright. If you use a recent Kerberos implementation
> you should compile with -DHAVE_SPNEGO which will avoid the use of the
> spnego helper routines. If you don't run a recent Kerberos
> implementation make sure that you use:
> for Linux:
> -D__LITTLE_ENDIAN__
> for Solaris:
> -D__BIG_ENDIAN__
>
> As this is important for the spnegohelper.

Hi, I've just updated the KDC and the krb5 libs on the squid host
to the "testing" version of Debian [krb5 (1.6.dfsg.1-5)].

Now it works! Thank you very much.

There's however something I would ask you:

With the newer Kerberos libs it works out of the box (./configure; make; make
install); however, I tried to compile squid_kerb_auth with -DHAVE_SPNEGO,
adding it to do.sh, but got some warnings:

cc1: warnings being treated as errors
squid_kerb_auth.c: In function ‘main’:
squid_kerb_auth.c:195: warning: unused variable ‘kerberosTokenLength’
squid_kerb_auth.c:180: warning: unused variable ‘rc’

So I removed "-Werror" from do.sh and it compiled.

With both the "standard" and "DHAVE_SPNEGO" versions of the helper I noticed a
strange behaviour in the logs:

2007/07/12 12:35:15| squid_kerb_auth: Got 'YR YIICTAYGKwYBBQUCoIICQDCCA
jygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKC
AgYEggICYIIB/gYJKoZIhvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACAAAACjggE
hYYIBHTCCARmgAwIBBaEUGxJTVFVERU5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVF
RQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEKEDAgEDooHHBIHEULBIf35R+xfVHAyVv
JcwKbcUUWOzN9q3OgCHceBDUn+L2yYFugILBpLUQ/C3rz++qrpbyLTgc6z2LSssE6sbxDH+
ibG7k73QH5tE8l+sj4NTj217RiwGBMJnUNCP8PMFmYOWmqlYBg9pZzJDTa4KbXtx6i7I3LU
ve9wG+YI69f+xVndLN3y3hRbEJgMJcteS9hWrlN3LkiUlH7B0GWcIVqxrADqyHv7hJBhOJF
jDw/O8G6AEc6tLCTBZr7fyfZXnaaJcUKSBrjCBq6ADAgEBooGjBIGgpYqE+KOUv+iVkKGc0
eiqzCFI6kiNKt1cwXnTUc8lAwxxPZNfi+CrlfvQc4XsSeJcj0kIeUw0KRSVt0u+fjIA1PVF
P8DJmgM443lj7icj7qS0sccPwBD1BL8UX+Q444rFRESr206w+U1VXO92m0WYuqXTehXGZqc
tYwNeNpXmLYZ96/rMpyA7h/bCKCG9l5bfcE/4mBpVm24O2//BeKrtXw==' from squid (length: 795).
2007/07/12 12:35:15| squid_kerb_auth: parseNegTokenInit failed with rc=102
2007/07/12 12:35:15| squid_kerb_auth: AF oYGLMIGIoAMKAQChCwYJKoZIgvcSAQI
ConQEcmBwBgkqhkiG9xIBAgICAG9hMF+gAwIBBaEDAgEPolMwUaADAgEBokoESLjO9CJpkO4
+UlWAzvSF1DUq620yHD9C1+wnoHbTv6LKzjsN2Se9s7r99fXHEzCK77mXdd10fwhoz7ot+NH
U74gmPWgO7Pe2PA== user@REALM.KERBEROS
2007/07/12 12:35:15| authenticateStart: auth_user_request '0x8423310'

Is it normal to get a parseNegTokenInit rc=102 error anyway before authenticating the user?

Thanks,

--
Miolinux
Received on Thu Jul 12 2007 - 04:52:28 MDT
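
An added diagnostic sketch, not part of the original message or of squid_kerb_auth: it reads the GSS-API header of a token in the "YR <base64>" form seen in the log above and reports whether the outer mechanism is SPNEGO, raw Kerberos 5 or NTLMSSP, which is the first thing to check when a helper rejects a token. The function names are hypothetical and the sample tokens are constructed header stubs, not real tickets.

```python
import base64

# DER content bytes of well-known mechanism OIDs (without tag/length).
MECH_OIDS = {
    bytes.fromhex("2b0601050502"): "SPNEGO (1.3.6.1.5.5.2)",
    bytes.fromhex("2a864886f712010202"): "Kerberos 5 (1.2.840.113554.1.2.2)",
    bytes.fromhex("2a864882f712010202"): "MS legacy Kerberos 5 (1.2.840.48018.1.2.2)",
}

def read_der_length(buf, pos):
    """Return (length, next_pos) for the DER length field at buf[pos]."""
    if pos >= len(buf):
        raise ValueError("truncated token")
    first = buf[pos]
    if first < 0x80:                       # short form: length in one octet
        return first, pos + 1
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_negotiate_token(helper_line):
    """Classify the token carried in a 'YR <base64>' or 'KK <base64>' request."""
    parts = helper_line.strip().split(None, 1)
    if len(parts) != 2 or parts[0] not in ("YR", "KK"):
        raise ValueError("not a YR/KK helper request")
    raw = base64.b64decode(parts[1], validate=True)
    if raw.startswith(b"NTLMSSP\x00"):     # browser fell back to NTLM
        return "NTLMSSP (not a Kerberos/SPNEGO token)"
    if not raw or raw[0] != 0x60:          # 0x60 = [APPLICATION 0] GSS-API header
        return "no GSS-API initial token header"
    length, pos = read_der_length(raw, 1)
    if pos + length != len(raw) or pos >= len(raw) or raw[pos] != 0x06:
        raise ValueError("bad outer length or missing mechanism OID")
    oid_len, pos = read_der_length(raw, pos + 1)
    oid = raw[pos:pos + oid_len]
    return MECH_OIDS.get(oid, "unknown mechanism OID " + oid.hex())

def _request(raw):
    return "YR " + base64.b64encode(raw).decode("ascii")

# Constructed samples: valid headers followed by empty/stub bodies.
SAMPLE_SPNEGO = _request(bytes.fromhex("600c06062b0601050502a0023000"))
SAMPLE_KRB5 = _request(bytes.fromhex("600d06092a864886f7120102020100"))
SAMPLE_NTLM = _request(b"NTLMSSP\x00\x01\x00\x00\x00")
```
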
