[squid-dev] [PATCH] Kerberos improvements
Markus Moeller
huaraz at moeller.plus.com
Sun Oct 26 12:07:41 UTC 2014
Hi
I have found some minor issues with my patch and here is an updated
version.
Regards
Markus
"Markus Moeller" wrote in message news:m14gl4$er3$1 at ger.gmane.org...
Somehow the message didn't get completely through. Here it is again
I have some further improvements for the Kerberos helpers. This includes
1) Option -n for kerberos_ldap_group. This disables the automated Kerberos
authentication(SASL/GSSAPI) to AD and requires username/password
(SASL/SIMPLE) instead.
2) Improvements in caching Kerberos credentials for setup with low SQUID
cache TTL.
3) Output group= if negotiate_kerberos_auth can retrieve AD groups from
Kerberos ticket for further processing by squid to external helpers ( ones
the helper code supports transfer of the kv pairs as documented here
http://wiki.squid-cache.org/Features/AddonHelpers )
Please review. As always I appreciate feedback.
Thank you
Markus
"Markus Moeller" wrote in message news:m11odm$ssp$1 at ger.gmane.org...
Spam detection software, running on the system "master.squid-cache.org",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi , I have some further improvments for the Kerberos
helpers.
This includes 1) Option -n for kerberos_ldap_group. This disables the
automated
Kerberos authentication(SASL/GSSAPI) to AD and requires username/password
(SASL/SIMPLE) instead. 2) Improvements in caching Kerberos credentials
for
setup with low SQUID cache TTL. 3) Output group= if
negotiate_kerberos_auth
can retrieve AD groups from Kerberos ticket for further processing by
squid
to external helpers ( ones the helper code supports transfer of the kv
pairs
as documented here http://wiki.squid-cache.org/Features/AddonHelpers )
[...]
Content analysis details: (5.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: squid-cache.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see
http://www.openspf.org/Why?s=mfrom;id=gcwsd-squid-dev%40m.gmane.org;ip=81.174.172.105;r=master.squid-cache.org]
0.0 T_HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
lines
1.3 RDNS_NONE Delivered to internal network by a host with no
rDNS
3.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
_______________________________________________
squid-dev mailing list
squid-dev at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
_______________________________________________
squid-dev mailing list
squid-dev at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kerberos_improvements_2.patch.gz
Type: application/x-gzip
Size: 7022 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20141026/eec12176/attachment.bin>
More information about the squid-dev
mailing list