[squid-users] Re: squid proxy kerberos authentication failure. Help!!! from Markus Moeller on 2013-12-24 (squid-users)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Tue, 24 Dec 2013 12:30:15 -0000

How do you start the service ? Do you use systemctl ? If so you may need
to add KRB5_KTNAME=/etc/squid/squid.keytab to
/etc/sysconfig/squid

Markus

"flypast" wrote in message news:1387845981524-4664010.post_at_n4.nabble.com...

hi Markus,

Please see the below. I just temporally change access control of keytab
file. Still no lucky

[root_at_proxy01 squid]# ls -al
total 76
drwxr-xr-x. 2 root root 4096 Dec 23 14:24 .
drwxr-xr-x. 105 root root 12288 Dec 24 11:18 ..
-rw-r--r--. 1 root squid 419 Oct 1 23:40 cachemgr.conf
-rw-r--r--. 1 root root 419 Oct 1 23:40 cachemgr.conf.default
-rw-r--r--. 1 root root 1547 Oct 1 23:40 errorpage.css
-rw-r--r--. 1 root root 1547 Oct 1 23:40 errorpage.css.default
-rw-r--r--. 1 root root 11651 Oct 1 23:40 mime.conf
-rw-r--r--. 1 root root 11651 Oct 1 23:40 mime.conf.default
-rw-r--r--. 1 root root 421 Oct 1 23:40 msntauth.conf
-rw-r--r--. 1 root root 421 Oct 1 23:40 msntauth.conf.default
-rw-r-----. 1 root squid 2758 Dec 23 14:24 squid.conf
-rw-r--r--. 1 root root 2510 Oct 1 23:40 squid.conf.default
*-rwxrwxrwx. 1 root squid 451 Dec 22 13:13 squid.keytab*

In addition.
[root_at_proxy01 etc]# kinit -kt ./squid/squid.keytab
HTTP/proxy02.deeplayer.com
[root_at_proxy01 etc]# klist -ekt ./squid/squid.keytab
Keytab name: FILE:./squid/squid.keytab
KVNO Timestamp Principal
---- -----------------
--------------------------------------------------------
  16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (arcfour-hmac)
  16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (aes128-cts-hmac-sha1-96)
  16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (aes256-cts-hmac-sha1-96)
  16 12/22/13 13:14:31 HTTP/proxy02.deeplayer.com_at_DEEPLAYER.COM
(arcfour-hmac)
  16 12/22/13 13:14:31 HTTP/proxy02.deeplayer.com_at_DEEPLAYER.COM
(aes128-cts-hmac-sha1-96)
  16 12/22/13 13:14:31 HTTP/proxy02.deeplayer.com_at_DEEPLAYER.COM
(aes256-cts-hmac-sha1-96)
[root_at_proxy01 etc]#

--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-proxy-kerberos-authentication-failure-Help-tp4663964p4664010.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Received on Tue Dec 24 2013 - 12:30:31 MST

This archive was generated by hypermail 2.2.0 : Wed Dec 25 2013 - 12:00:05 MST