On Thu, 12 Jul 2007 09:51:23 +0100 "Markus Moeller" <[EMAIL PROTECTED]> wrote:
> The token seems alright. If you use a recent Kerberos implementation > you should compile with -DHAVE_SPNEGO which will avoid the use of the > spnego helper routines. If you don't run a recent Kerberos > implementation make sure that you use: > for Linux: > -D__LITTLE_ENDIAN__ > for Solaris: > -D__BIG_ENDIAN__ > > As this is important for the spnegohelper. Hi, i've just updated the kdc and the krb5libs on squid host to the "testing" version of debian [krb5 (1.6.dfsg.1-5)]. Now it works! Thank you very much. There's however something i would ask you: With newer kerberos libs works out of the box (./configure;make;make install), however i tried to compile squid_kerb_auth with -DHAVE_SPNEGO adding it to do.sh, but got some warning cc1: warnings being treated as errors squid_kerb_auth.c: In function ‘main’: squid_kerb_auth.c:195: warning: unused variable ‘kerberosTokenLength’ squid_kerb_auth.c:180: warning: unused variable ‘rc’ so i removed "-Werror" from do.sh and it compiled. With both "standard" and "DHAVE_SPNEGO" version of the helper i noticed a strange behaviour in logs: 2007/07/12 12:35:15| squid_kerb_auth: Got 'YR YIICTAYGKwYBBQUCoIICQDCCA jygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKC AgYEggICYIIB/gYJKoZIhvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACAAAACjggE hYYIBHTCCARmgAwIBBaEUGxJTVFVERU5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVF RQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEKEDAgEDooHHBIHEULBIf35R+xfVHAyVv JcwKbcUUWOzN9q3OgCHceBDUn+L2yYFugILBpLUQ/C3rz++qrpbyLTgc6z2LSssE6sbxDH+ ibG7k73QH5tE8l+sj4NTj217RiwGBMJnUNCP8PMFmYOWmqlYBg9pZzJDTa4KbXtx6i7I3LU ve9wG+YI69f+xVndLN3y3hRbEJgMJcteS9hWrlN3LkiUlH7B0GWcIVqxrADqyHv7hJBhOJF jDw/O8G6AEc6tLCTBZr7fyfZXnaaJcUKSBrjCBq6ADAgEBooGjBIGgpYqE+KOUv+iVkKGc0 eiqzCFI6kiNKt1cwXnTUc8lAwxxPZNfi+CrlfvQc4XsSeJcj0kIeUw0KRSVt0u+fjIA1PVF P8DJmgM443lj7icj7qS0sccPwBD1BL8UX+Q444rFRESr206w+U1VXO92m0WYuqXTehXGZqc tYwNeNpXmLYZ96/rMpyA7h/bCKCG9l5bfcE/4mBpVm24O2//BeKrtXw==' from squid (length: 795). 2007/07/12 12:35:15| squid_kerb_auth: parseNegTokenInit failed with rc=102 2007/07/12 12:35:15| squid_kerb_auth: AF oYGLMIGIoAMKAQChCwYJKoZIgvcSAQI ConQEcmBwBgkqhkiG9xIBAgICAG9hMF+gAwIBBaEDAgEPolMwUaADAgEBokoESLjO9CJpkO4 +UlWAzvSF1DUq620yHD9C1+wnoHbTv6LKzjsN2Se9s7r99fXHEzCK77mXdd10fwhoz7ot+NH U74gmPWgO7Pe2PA== [EMAIL PROTECTED] 2007/07/12 12:35:15| authenticateStart: auth_user_request '0x8423310' Is it normal to get parseNegTokenInit rc=102 error anyway before authenticating the user? Thanks, -- Miolinux