Re: [squid-users] Question about authenticateNegotiateHandleReply
fre 2007-05-11 klockan 21:13 +0100 skrev Markus Moeller: I use the below on Opensuse 10.2 /usr/sbin/squid -v Squid Cache: Version 2.6.STABLE6 Can you try a more up to date version? It's possible Negotiate is a bit broken in the version you have.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Question about authenticateNegotiateHandleReply
On Wed, 9 May 2007, Markus Moeller wrote: I have written a helper program for the negotiate protocol (only the Kerberos part of it). I can get it to determine the correct userid but somehow the reply doesn't get back to squid. I don't get any debug from authenticateNegotiateHandleReply. What triggers authenticateNegotiateHandleReply to read the output of the helper program ? obvious question: is your helper using unbuffered I/O? In C: setbuf(stdout, NULL); In perl: $|=1; Duane W.
Re: [squid-users] Question about authenticateNegotiateHandleReply
I have written a helper program for the negotiate protocol (only the Kerberos part of it). I can get it to determine the correct userid but somehow the reply doesn't get back to squid. I don't get any debug from authenticateNegotiateHandleReply. What triggers authenticateNegotiateHandleReply to read the output of the helper program ? I set the following debug options in squid.conf debug_options 29,9 debug_options 84,9 Which gives me the following output in the cache log: 2007/05/08 23:24:38| helperStatefulOpenServers: Starting 1 'squid_kerb_auth' processes 2007/05/08 23:24:38| StatefulGetFirstAvailable: Running servers 1. 2007/05/08 23:26:59| helperStatefulGetServer: Running servers 1. 2007/05/08 23:26:59| StatefulGetFirstAvailable: Running servers 1. 2007/05/08 23:26:59| helperStatefulGetServer: Returning 0x80287210 2007/05/08 23:26:59| helperStatefulSubmit: server 0x80287210, buf 'YR YIIFfQYGKwYBBQUCoIIFcTCCBW2gJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBUMEggU/YIIFOwYJKoZIhvcSAQICAQBuggUqMIIFJqADAgEFoQMCAQ6iBwMFACCjggRLYYIERzCCBEOgAwIBBaESGxBXSU5ET1dTMjAwMy5IT01FoiUwI6ADAgECoRwwGhsESFRUUBsSb3BlbnN1c2Uuc3VzZS5ob21lo4ID/zCCA/ugAwIBF6EDAgECooID7QSCA+k6DuAjia9z5prTrLBCV4ToNumCnHMw2aqwJo9TM65q5aQPy+UtaqxhUO+VF9PKC4Qzq1ZHPVaUTT2DuZoS1iCUtCXXEDTGIrp8BIh1DJDNFFigmcoeETWjP2vUbQivBLUUZZFJnOJcVofa8p6HbjLAwgOONKMOMnrCyCSBfAcPE2WRVPYP9lwdS/tdVjFVMnEzL1n77o1uLs+eQm0t/S/4EmXTUUlcNRy3WykqCvu6Z74WdDhWL1flh8R3IRgx1CpJ9efb2m7xTtUwX9mR5fPf98sWfCEeMIZLGsWhyIPe5BiBqw13GULFQ5cW1hIJPMBjF/1ubRf2J9J7oSmW5oLTvLF3YKsuaO9fmu+Xfltp6FSWS9eFHOoaDfKWyQqI0BSbSCXTZ1XfwvP+JidN+yv3kFuqNEhd1XALip0z/NbwGtXBIea1LFk6zctgl4BjaSMFiwMNh1Y2MXY36uQtZan+eLf0WQoDooVObRGO5JlzDQDudKRNZwgRS1FtTV53sJpBa6cZ8D+ZxjgdntWVH6N0iYgNIXZKiGLT5ccnUCdR4Z6fNPvFRmqzIfLUO3+R6dd3Lg2W8dTenJ87uid/cy2I/tyBOZANJHVwvt3p4FSuRxptiArkbQfNeL3o7RYOJzSbe/cLO9NcgoB/poEv8kZzTlb4jJFvR7umwEmmvC9JQJnTMXkxDzdGgAmOylqzfjlSW7LRVcEky0DSYUgLzjBLwwWo1nErakhvGPXfmmm+ZaSeXf1LRiDe+F9phPqiZMlZBLZU8yX8QZxETL887xf4Tv++S5MMvVKTp0cn1Y6lOUlwuRyYNbOjRsoEJrndCoRNGSSp4CwlxdUY08QKs0rDekRsHE3HoMoFUhTZuuwr6iorewwKscp1sk6fIa8kMAEg5IxKGXEswfVq8skRr2WsTg0FXf/pWvfabHJHhsfBAXPNVL/0tb3Pz7wcC2o52kRk9IyzrOdia4TdPsPYELLYBMBNQRl979c03Hy0WTM/iP6kV9Y2D6yORvY4nNv3wh6WenxK7LXPCJaP+da3pzFqOzGYKNovk2sKgfAhTdeIf2iKhDnO1WBvIWTM/zO8IG0WVg3/XnKsD3DqsiIzva4yi38zqhdD1GIfzPCoqWc7srIBna7GoxwGrGuQU+FM/katXU9OPTXt5MBRg6L2q9Fhe3kLveXGJGCLzdTXhdZB1gQ9+D9nDHZ8Qfu8ij3C/eG5inpEUMoMAePisY+PACqeiacgfHt3WV3CsnU9peoIxAOyD/RKYyh4GUsxZfesWxJvw5atmS5cdn2eXy1ES+OhAu7dzZMPZaZuqRJRrU2g8tYFWWbRUTwQ7KSBwTCBvqADAgEXooG2BIGzdPcb2pDNpScc/1hy4NRJb1osg1hwKz/kPOvjuLF7AggQYKt3cAKWQS/7eeAiQqHu1pLO6PQ50BGIgip4gGFMOBRW3ZM9/lKKo2/3zHCm9SiHsr7aOd5J7iMZI7fhtVqrKpgznCbpMoMc6c5+lt/KbqCZAT3vWzh46cAtdrl+lDwu5Hq5RDuKpBo1soM+1WQ0++yHuVxqFUeGm09WIWRjyKDM3nfTiSe24wxMo9iThkAfOAE= '. 2007/05/08 23:26:59| helperStatefulDispatch busying helper negotiateauthenticator #1 2007/05/08 23:26:59| helperStatefulDispatch: Request sent to negotiateauthenticator #1, 1884 bytes HERE I WOULD EXPECT SOME DEBUG OUTPUT FROM authenticateNegotiateHandleReply BUT NOTHING COMES. and in syslog: May 8 23:26:59 OpenSuse (squid_kerb_auth): Got 'YR
Re: [squid-users] Question about authenticateNegotiateHandleReply
ons 2007-05-09 klockan 00:07 +0100 skrev Markus Moeller: I have written a helper program for the negotiate protocol (only the Kerberos part of it). I can get it to determine the correct userid but somehow the reply doesn't get back to squid. I don't get any debug from authenticateNegotiateHandleReply. What triggers authenticateNegotiateHandleReply to read the output of the helper program ? Just the fact that the helper returned some output. Squid is continously monitoring the helper connection and as soon as the helper outputs something authenticateNegotiateHandleReply gets called. As Duane said the most likely cause to helper output not being seen by Squid is stdio buffering. libc by default buffers output not sent to terminals by the assumtion that everything not a terminal is a batch operation to a file which will only be read after the program has exited (or closed the file), which is not quite what you want here.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Question about authenticateNegotiateHandleReply
Yes the setbuf was missing. Thanks Markus Duane Wessels [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Wed, 9 May 2007, Markus Moeller wrote: I have written a helper program for the negotiate protocol (only the Kerberos part of it). I can get it to determine the correct userid but somehow the reply doesn't get back to squid. I don't get any debug from authenticateNegotiateHandleReply. What triggers authenticateNegotiateHandleReply to read the output of the helper program ? obvious question: is your helper using unbuffered I/O? In C: setbuf(stdout, NULL); In perl: $|=1; Duane W.
Re: [squid-users] Question about authenticateNegotiateHandleReply
mån 2007-05-07 klockan 22:38 +0100 skrev Markus Moeller: Is there anywhere a guide for creating helper programs ? Not really. For the simpler helpers such as url rewriter, basic auth helpers, acl's etc there hasn't really been a need for a guide beyond what is said in the squid.conf comments and the existing helpers as examples. The NTLM and Negotiate schemes is a bit more complex with their statefullness, but it's also not something very many people are going to implement helpers for so it's easier to deal with on a case by case basis there. Just fire whatever questions you have to [EMAIL PROTECTED] The NTLM helper protocol was defined by Squid some years ago. The Negotiate helper protocol was defined by Samba, based on the Squid NTLM helper protocol. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel