ll tell you which service principal the client is sending to the
server ? I wonder if the name matches the names in your keytab.
Markus
-Original Message- From: Mihail Lukin
Sent: Saturday, November 02, 2013 9:15 PM
To: Markus Moeller
Cc: squid-users
Subject: Re: [squid-users] Re: squi
>>>
>>> It will tell you which service principal the client is sending to the
>>> server ? I wonder if the name matches the names in your keytab.
>>>
>>>
>>> Markus
>>>
&g
gt;
>> Proxy-Authorization: Negotiate YIIHoAYGKwYBB...
>>
>> It will tell you which service principal the client is sending to the
>> server ? I wonder if the name matches the names in your keytab.
>>
>>
>> Markus
>>
>> -----Original Messa
eytab.
Markus
-Original Message- From: Mihail Lukin
Sent: Saturday, November 02, 2013 9:15 PM
To: Markus Moeller
Cc: squid-users
Subject: Re: [squid-users] Re: squid_kerb_auth: Unspecified GSS failure
(W2K8)
Hi, Markus!
1) Here is the output:
Keytab name: FILE:/etc/squid/HTTP.keytab
ill tell you which service principal the client is sending to the
> server ? I wonder if the name matches the names in your keytab.
>
>
> Markus
>
> -Original Message- From: Mihail Lukin
> Sent: Saturday, November 02, 2013 9:15 PM
> To: Markus Moeller
> Cc: squid-u
Hi, Markus!
1) Here is the output:
Keytab name: FILE:/etc/squid/HTTP.keytab
KVNO Timestamp Principal
-
2 10/30/13 14:14:09 host/squidsrv.my.doma...@my.doma.in (des-cbc-crc)
2 10/30/13 14:14:09 host/squidsrv
Hi Mihail,
What does a klist -ekt show ? ( I assume you use MIT Kerberos
on the squid server)
What do you see with wireshark in the authentication header send to squid
?
Markus
"Mihail Lukin" wrote in message
news:caamm_rzhz8m1vbyf5mvw-zbqyvoqhw0nmf4saop8gsy5x9k...@mail.gmail.com..
I'm not sure what should input be. I tried to paste base64-encoded
data from cache.log (YIIGsQYGKwYB...EbrQ==), base64-decoded and
URL-encoded data (%60%82%06%B1%06%06%2B%...%1B%AD), but the output is
a bunch of "Unknowns".
On Thu, Oct 31, 2013 at 10:02 AM, Amos Jeffries wrote:
> On 31/10/2013 5:
On 31/10/2013 5:54 p.m., Mihail Lukin wrote:
I don't know why access-time is not being updated, but strace has
shown that keytab is being read successfully by squid_kerb_auth
process.
This tool may help you identify whether the tokens being sent to Squid
are the ones you are expecting:
http
I don't know why access-time is not being updated, but strace has
shown that keytab is being read successfully by squid_kerb_auth
process.
On Thu, Oct 31, 2013 at 8:15 AM, Mihail Lukin wrote:
> Hello, Markus!
>
> Sorry for not mentioning it at once, KRB5_KTNAME is being exported in
> /etc/sysconf
Hello, Markus!
Sorry for not mentioning it at once, KRB5_KTNAME is being exported in
/etc/sysconfig/squid and is readable by squid group. But there is
still something wrong with it: keytab's access time is not changed
neither when I restart squid not when I request an URL through the
proxy.
I thi
Hi Mihail,
Did you use export KRB5_KTNAME to point to the right keytab ? Is the
keytab readable by the user under which squid runs ?
Markus
"Mihail Lukin" wrote in message
news:CAAmm_rZ8jNoeFMRGthiYeHQ+GgSfmySFnw8708dwdDVUW3=r...@mail.gmail.com...
Hello,
I'm trying to configure Squid
12 matches
Mail list logo