On Thu, 12 Jul 2007 09:51:23 +0100
"Markus Moeller" <[EMAIL PROTECTED]> wrote:

> The token seems alright. If you use a recent Kerberos implementation
> you should compile with -DHAVE_SPNEGO which will avoid the use of the
> spnego helper routines. If you don't run a recent Kerberos
> implementation make sure that you use:
> for  Linux:
>  -D__LITTLE_ENDIAN__
> for Solaris:
>  -D__BIG_ENDIAN__
> 
> As this is important for the spnegohelper.

Hi, i've just updated the kdc and the krb5libs on squid host
to the "testing" version of debian [krb5 (1.6.dfsg.1-5)].

Now it works! Thank you very much.

There's however something i would ask you:

With newer kerberos libs works out of the box (./configure;make;make
install), however i tried to compile squid_kerb_auth with -DHAVE_SPNEGO
adding it to do.sh, but got some warning

cc1: warnings being treated as errors
squid_kerb_auth.c: In function ‘main’:
squid_kerb_auth.c:195: warning: unused variable ‘kerberosTokenLength’
squid_kerb_auth.c:180: warning: unused variable ‘rc’

so i removed "-Werror" from do.sh and it compiled.

With both "standard" and "DHAVE_SPNEGO" version of the helper i noticed a
strange behaviour in logs:

2007/07/12 12:35:15| squid_kerb_auth: Got 'YR YIICTAYGKwYBBQUCoIICQDCCA
jygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKC
AgYEggICYIIB/gYJKoZIhvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACAAAACjggE
hYYIBHTCCARmgAwIBBaEUGxJTVFVERU5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVF
RQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEKEDAgEDooHHBIHEULBIf35R+xfVHAyVv
JcwKbcUUWOzN9q3OgCHceBDUn+L2yYFugILBpLUQ/C3rz++qrpbyLTgc6z2LSssE6sbxDH+
ibG7k73QH5tE8l+sj4NTj217RiwGBMJnUNCP8PMFmYOWmqlYBg9pZzJDTa4KbXtx6i7I3LU
ve9wG+YI69f+xVndLN3y3hRbEJgMJcteS9hWrlN3LkiUlH7B0GWcIVqxrADqyHv7hJBhOJF
jDw/O8G6AEc6tLCTBZr7fyfZXnaaJcUKSBrjCBq6ADAgEBooGjBIGgpYqE+KOUv+iVkKGc0
eiqzCFI6kiNKt1cwXnTUc8lAwxxPZNfi+CrlfvQc4XsSeJcj0kIeUw0KRSVt0u+fjIA1PVF
P8DJmgM443lj7icj7qS0sccPwBD1BL8UX+Q444rFRESr206w+U1VXO92m0WYuqXTehXGZqc
tYwNeNpXmLYZ96/rMpyA7h/bCKCG9l5bfcE/4mBpVm24O2//BeKrtXw==' from squid (length: 
795).
2007/07/12 12:35:15| squid_kerb_auth: parseNegTokenInit failed with rc=102
2007/07/12 12:35:15| squid_kerb_auth: AF oYGLMIGIoAMKAQChCwYJKoZIgvcSAQI
ConQEcmBwBgkqhkiG9xIBAgICAG9hMF+gAwIBBaEDAgEPolMwUaADAgEBokoESLjO9CJpkO4
+UlWAzvSF1DUq620yHD9C1+wnoHbTv6LKzjsN2Se9s7r99fXHEzCK77mXdd10fwhoz7ot+NH
U74gmPWgO7Pe2PA== [EMAIL PROTECTED]
2007/07/12 12:35:15| authenticateStart: auth_user_request '0x8423310'

Is it normal to get parseNegTokenInit rc=102 error anyway before authenticating 
the user?


Thanks,

--
Miolinux

Reply via email to