[squid-dev] [PATCH] Kerberos improvements
squid3 at treenet.co.nz
Wed Oct 29 04:51:12 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 27/10/2014 1:07 a.m., Markus Moeller wrote:
> I have found some minor issues with my patch and here is an
> updated version.
> Regards Markus
> "Markus Moeller" wrote in message
> news:m14gl4$er3$1 at ger.gmane.org...
> Somehow the message didn't get completely through. Here it is
> I have some further improvements for the Kerberos helpers. This
> 1) Option -n for kerberos_ldap_group. This disables the
> automated Kerberos authentication(SASL/GSSAPI) to AD and requires
> username/password (SASL/SIMPLE) instead. 2) Improvements in caching
> Kerberos credentials for setup with low SQUID cache TTL. 3) Output
> group= if negotiate_kerberos_auth can retrieve AD groups from
> Kerberos ticket for further processing by squid to external helpers
> ( ones the helper code supports transfer of the kv pairs as
> documented here http://wiki.squid-cache.org/Features/AddonHelpers
> Please review. As always I appreciate feedback.
> Thank you Markus
Sorry its taken so long. Applied to trunk as rev.13667 (auth helper)
and rev.13668 (ACL helper)
There are a few coding techinque things to work on;
* using pre-increment (++i) is better than post-increment (i++), and
* sizeof(*mem_cache) instead of re-calculating the string lengths for
- which relies on them not having changed mysteriously during the
(possibly long and interrupted) time malloc can take.
I am accepting anyway since it is at least consistent with the
existing helper code.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
-----END PGP SIGNATURE-----
More information about the squid-dev