On 26/11/2012 4:00 p.m., Eliezer Croitoru wrote:
> You are using A dinosaur!!
> Squid 2.6 dosnt have support for about 5 years.
> what you should do is use a newer version of squid.
>
> If you are using CentOS 5.5 you will have trouble finding RPM for this
> version.
>
> I dont think that my RPM will work on your old system.
> But I created RPM for CentOS\RHEL 6.0 and FEDORA 16-17 that works on
> CentOS 6.3 also at: http://repo.ngtech.co.il/rpm/
>
> In your case that you are not intercepting traffic I would recommend
> you to compile squid with basic configuration to fit your needs.
>
> I am almost sure that there are RPMs of squi 3.1 for this version .
>
> You can also try to copy only the helpers from a newer Version of
> squid in case there was a bug 5 years ago.
Unfortunately that alone will not help in this case.
Back in 2.6 both the helper internal buffer and read logics Squid
received the helpers response into were set at 8KB long. Kerberos keys
can reach close to 64KB as seen here. So he will need to rebuild the
whole of Squid to extend this buffer size.
At which point ... it becomes better to rebuild newer sources and gain
all the bug fixes and security patches found over the last 5 years.
Amos
>
> Regards,
> Eliezer
>
> On 11/26/2012 4:46 AM, John Xue wrote:
>> Sorry! This is my problem.
>>
>>
>> My problem is when ad user1 try to access internet through squid,
>> the squid_kerb_auth process is dead, then IE doesn't have any respond.
>> When I open debug, I can see these information:
>>
>> 2012/11/02 14:24:21| squid_kerb_auth: Got 'YR
>> YIIdSwYGKwYBBQUCoIIdPzCCHTugJDAiBgkq.........FF/cmFtd9bzIcFVddg9fuSHH0ZcR7rl1XDRRyMhngmtxhVozrWML4k/c2ejMSTSxrVks0Eb6JZ2UvrXDBfQh2ZQBKeckALc3vvVOt2BmujG+YZmPEDjkAzb/TQf68fpSHyvCU1IwSkYVmqetnYKjDWLqKTdJqtCwGc/8ZuOR3AxeDSaXrB1TcKtRFo47fzI/xf8avhPxR0Dp/k4ZmoUfvfOy5hqr0AN7e2b/BNHVKaxWADi/q'
>>
>> from squid (length: *62163*).
>> 2012/11/02 14:24:23| squid_kerb_auth: Decode
>> 'YIIdSwYGKwYBBQUCoIIdPzCCHTugJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCHREEgh0NYIIdCQYJKoZIhvcSAQICAQBughz4MIIc9KADAgEFoQMCAQ6iBwMFACAAAACjghwcYYIcGDCCHBSgAwIBBaEQGw5TWi....PmsQeFF/cmFtd9bzIcFVddg9fuSHH0ZcR7rl1XDRRyMhngmtxhVozrWML4k/c2ejMSTSxrVks0Eb6JZ2UvrXDBfQh2ZQBKeckALc3vvVOt2BmujG+YZmPEDjkAzb/TQf68fpSHyvCU1IwSkYVmqetnYKjDWLqKTdJqtCwGc/8ZuOR3AxeDSaXrB1TcKtRFo47fzI/xf8avhPxR0Dp/k4ZmoUfvfOy5hqr0AN7e2b/BNHVKaxWADi/q'
>>
>> (decoded length: *6141*).
>> 2012/11/02 14:24:24| squid_kerb_auth: gss_accept_sec_context()
>> failed: Unspecified GSS failure. Minor code may provide more
>> information. *Token header is malformed or corrupt*
>>
>> When user2 try to access in the same machine, everything is ok. So
>> I think the problem is user1 have a big kerberos token size.
>>
>> My squid is:
>> Centos 5.5
>> kernel 2.6.18-194.el5PAE
>> Squid 2.6.STABLE21
>> squid_kerb_auth: 1.0.7
>> AD: Windows 2003
>> Client: Windows XP SP3 + IE8
>>
>> Thank you!
>
Received on Mon Nov 26 2012 - 10:41:24 MST
This archive was generated by hypermail 2.2.0 : Mon Nov 26 2012 - 12:00:03 MST