On Tue, 1 Sep 2009 19:55:47 +0100, "Markus Moeller" <hua...@moeller.plus.com> wrote: > Henrik, > > I updated the patch. I also said that I removed the configure from > squid_kerb_auth by replacing the whole squid_kerb_auth directory with the
> attached tar file (to the previous post) which hopefully fixes the fedora > build. Does the directory replacement have to be done at the same time or would it cope with being split in two and done after the main change? Amos > > Thank you > Markus > > "Henrik Nordstrom" <hen...@henriknordstrom.net> wrote in message > news:1251770416.16800.65.ca...@henriknordstrom.net... >> Needs quoting: >> + KRB5INCS=`$krb5confpath --cflags krb5 2>/dev/null` >> + KRB5LIBS=`$krb5confpath --libs krb5 2>/dev/null` >> >> (seen twice, Solaris & generic) >> >> >> Would also be nice if you could update squid_kerb_auth/configure with >> this simplified kerberos configure dance. The squid_kerb_auth/configure >> in Squid-3.0 adds a bit too many linker flags adding -Lno/lib -Rno/lib >> for me and currently prevents it from being packaged for Fedora (build >> QA check failure, incorrect run-path) >> >> Regards >> Henrik >> >> >> mån 2009-08-31 klockan 14:03 +0100 skrev Markus Moeller: >>> Hi Amos, >>> >>> find attached a patch against the head release. since I now need >>> Kerberos and GSSAPI for the main source I removed the squid_kerb_auth >>> configure and replaced the squid_kerb_auth directory with the attached. >>> >>> I tested on OpenSuse 11 with MIT Kerberos 1.6.3(the default) and Freebsd >>> >>> 7.0 >>> with Heimdal 1.2.1(added as the older freebsd base Heimdal package >>> creates >>> problems as squids asn1.h and krb5_asn1.h have conflicts with oid >>> definitions) >>> >>> Regards >>> Markus >>> >>> ----- Original Message ----- >>> From: "Amos Jeffries" <squ...@treenet.co.nz> >>> To: "Markus Moeller" <hua...@moeller.plus.com> >>> Cc: <squid-dev@squid-cache.org> >>> Sent: Tuesday, August 25, 2009 12:38 PM >>> Subject: Re: Patch to authenticate securely to upstream ISA server(or >>> others) >>> >>> >>> > Markus Moeller wrote: >>> >> In some setups the upstream proxy requires a secue authentication >>> >> method >>> >> (Negotiate, NTLM). The attached patches (2.7 and 3.0) allow this with >>> >> Negotiate. >>> >> >>> >> Regards >>> >> Markus >>> > >>> > Hi Markus, >>> > Good to see this feature appearing. >>> > >>> > Just a few things to fix up before this can go in: >>> > >>> > * Makefile.am lines for linking peer_proxy_negotiate_auth.cc seem to >>> > >>> > be >>> > indented with spaces instead of the automake required tabs. >>> > >>> > * Unfortunately 3.0 is closed for new features. Can we get a diff >>> > against 3.HEAD code please? >>> > >>> > * there is zero documentation for the new option settings. Please add >>> > >>> > to >>> > the cache_peer entry of src/cf.data.pre with the new details for >>> > login=NEGOTIATE. >>> > >>> > * there is also no documentation for any of the code. Please prefix >>> > each >>> > new function and global in your new code with at least an overview >>> > description of what it does. >>> > >>> > >>> > Amos >>> > -- >>> > Please be using >>> > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 >>> > Current Beta Squid 3.1.0.13 >>> > >> >>