[squid-users] squid3.1, squid_kerb_auth and Negotiate GSSAPI errors

From: Mark Davies <mark_at_ecs.vuw.ac.nz>
Date: Wed, 20 Jun 2012 15:20:52 +1200

Hi,
   we run a couple of squid caches using the squid_kerb_auth helper to
do Negotiate GSSAPI authentication and generally it all works rather
nicely but we will get little bursts of the following error

2012/06/20 14:54:02| authenticateNegotiateHandleReply: Error
validating user via Negotiate. Error returned 'BH
gss_accept_sec_context() failed: A token was invalid. unknown
mech-code 1859794441 for mech unknown'

Always with that particular mech-code.

Given the number of successful hits on the cache (couple of million a
day) I'm struggling to identify what's causing these errors and how to
rectify them, so suggestions welcomed.

As well as wanting to identify the root cause, this problem has the
effect that every time squid_kerb_auth deals with one of these
requests the Kerberos libraries (heimdal 1.5pre1 from NetBSD 5.99.59)
keep a file descriptor open to the keytab file (actually two) so
eventually the squid_kerb_auth hits the max file descriptors per
process limit and other things start to fail (if it hasn't been
restarted before then).

cheers
mark
Received on Wed Jun 20 2012 - 03:21:03 MDT
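
Added example, not part of the original post and not Squid or Heimdal code: a small cache.log triage script that extracts the Negotiate validation errors quoted above, groups them into bursts by time, and tallies the mech-code seen in each burst. The sample log lines are constructed, and the single-line entry format, the 60-second gap and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample input. Assumption: each entry is a single line in
# cache.log (the post shows the message wrapped by the mail client).
ERR_TEXT = ("authenticateNegotiateHandleReply: Error validating user via Negotiate. "
            "Error returned 'BH gss_accept_sec_context() failed: A token was invalid. "
            "unknown mech-code 1859794441 for mech unknown'")
SAMPLE_LOG = "\n".join([
    f"2012/06/20 14:54:02| {ERR_TEXT}",
    f"2012/06/20 14:54:02| {ERR_TEXT}",
    f"2012/06/20 14:54:41| {ERR_TEXT}",
    "2012/06/20 14:55:10| unrelated line (constructed)",
    f"2012/06/20 15:10:07| {ERR_TEXT}",
])

ERR_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\| authenticateNegotiateHandleReply: "
    r"Error validating user via Negotiate\. Error returned '(?P<msg>.*)'\s*$")
MECH_RE = re.compile(r"mech-code (\d+)")

def parse_errors(text):
    """Return (timestamp, mech_code or None) for every Negotiate validation error."""
    events = []
    for line in text.splitlines():
        m = ERR_RE.match(line)
        if not m:
            continue  # not one of the errors we are triaging
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        code = MECH_RE.search(m["msg"])
        events.append((ts, int(code.group(1)) if code else None))
    return events

def find_bursts(events, gap_seconds=60, min_events=2):
    """Group errors whose spacing is <= gap_seconds; drop groups below min_events."""
    groups, current = [], []
    for ev in sorted(events, key=lambda e: e[0]):
        if current and (ev[0] - current[-1][0]).total_seconds() > gap_seconds:
            groups.append(current)
            current = []
        current.append(ev)
    if current:
        groups.append(current)
    # Each burst: (first timestamp, last timestamp, error count, mech-code tally)
    return [(g[0][0], g[-1][0], len(g), Counter(c for _, c in g))
            for g in groups if len(g) >= min_events]

if __name__ == "__main__":
    for start, end, count, codes in find_bursts(parse_errors(SAMPLE_LOG)):
        print(start, end, count, dict(codes))
```

Lining up the burst windows with access.log entries for the same seconds is one way to narrow down which clients sent the rejected tokens.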
