Thanks for the feedback. I will fix the compile warnings. You will always
get the 102 error when using firefox as it uses plain GSSAPI token and not
SPNEGO token. My code tries to convert an SPNEGO token to a GSSAPI token and
if the original token was already a GSSAPI token the routine returns a 1xx
error.
Regards
Markus
"miolinux" <miolinux@libero.it> wrote in message
news:20070712125218.480730dc@scorm.polito.it...
On Thu, 12 Jul 2007 09:51:23 +0100
"Markus Moeller" <huaraz@moeller.plus.com> wrote:
> The token seems alright. If you use a recent Kerberos implementation
> you should compile with -DHAVE_SPNEGO which will avoid the use of the
> spnego helper routines. If you don't run a recent Kerberos
> implementation make sure that you use:
> for Linux:
> -D__LITTLE_ENDIAN__
> for Solaris:
> -D__BIG_ENDIAN__
>
> As this is important for the spnegohelper.
Hi, i've just updated the kdc and the krb5libs on squid host
to the "testing" version of debian [krb5 (1.6.dfsg.1-5)].
Now it works! Thank you very much.
There's however something i would ask you:
With newer kerberos libs works out of the box (./configure;make;make
install), however i tried to compile squid_kerb_auth with -DHAVE_SPNEGO
adding it to do.sh, but got some warning
cc1: warnings being treated as errors
squid_kerb_auth.c: In function 'main':
squid_kerb_auth.c:195: warning: unused variable 'kerberosTokenLength'
squid_kerb_auth.c:180: warning: unused variable 'rc'
so i removed "-Werror" from do.sh and it compiled.
With both "standard" and "DHAVE_SPNEGO" version of the helper i noticed a
strange behaviour in logs:
2007/07/12 12:35:15| squid_kerb_auth: Got 'YR YIICTAYGKwYBBQUCoIICQDCCA
jygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKC
AgYEggICYIIB/gYJKoZIhvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACAAAACjggE
hYYIBHTCCARmgAwIBBaEUGxJTVFVERU5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVF
RQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEKEDAgEDooHHBIHEULBIf35R+xfVHAyVv
JcwKbcUUWOzN9q3OgCHceBDUn+L2yYFugILBpLUQ/C3rz++qrpbyLTgc6z2LSssE6sbxDH+
ibG7k73QH5tE8l+sj4NTj217RiwGBMJnUNCP8PMFmYOWmqlYBg9pZzJDTa4KbXtx6i7I3LU
ve9wG+YI69f+xVndLN3y3hRbEJgMJcteS9hWrlN3LkiUlH7B0GWcIVqxrADqyHv7hJBhOJF
jDw/O8G6AEc6tLCTBZr7fyfZXnaaJcUKSBrjCBq6ADAgEBooGjBIGgpYqE+KOUv+iVkKGc0
eiqzCFI6kiNKt1cwXnTUc8lAwxxPZNfi+CrlfvQc4XsSeJcj0kIeUw0KRSVt0u+fjIA1PVF
P8DJmgM443lj7icj7qS0sccPwBD1BL8UX+Q444rFRESr206w+U1VXO92m0WYuqXTehXGZqc
tYwNeNpXmLYZ96/rMpyA7h/bCKCG9l5bfcE/4mBpVm24O2//BeKrtXw==' from squid
(length: 795).
2007/07/12 12:35:15| squid_kerb_auth: parseNegTokenInit failed with rc=102
2007/07/12 12:35:15| squid_kerb_auth: AF oYGLMIGIoAMKAQChCwYJKoZIgvcSAQI
ConQEcmBwBgkqhkiG9xIBAgICAG9hMF+gAwIBBaEDAgEPolMwUaADAgEBokoESLjO9CJpkO4
+UlWAzvSF1DUq620yHD9C1+wnoHbTv6LKzjsN2Se9s7r99fXHEzCK77mXdd10fwhoz7ot+NH
U74gmPWgO7Pe2PA== user@REALM.KERBEROS
2007/07/12 12:35:15| authenticateStart: auth_user_request '0x8423310'
Is it normal to get parseNegTokenInit rc=102 error anyway before
authenticating the user?
Thanks,
-- MiolinuxReceived on Thu Jul 12 2007 - 05:34:15 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:03 MDT