[squid-users] benefits ofusingext_kerberos_ldap_group_aclinstead of ext_ldap_group_acl

Simon Stäheli sis at open.ch
Mon Feb 16 09:50:33 UTC 2015 

On 14.02.2015, at 15:43, Markus Moeller <huaraz at moeller.plus.com> wrote:

>> 
>> On 12.02.2015, at 17:58, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>> 
>>> On 13/02/2015 5:41 a.m., Simon Stäheli wrote:
>>>> 
>>>> hmh, HAVE_KRB5 seems not to be set in include/autoconf.h
>>>> 
>>>> What is the correct way to provide squid the path to the kerberos header files?
>>>> 
>>>> ./configure —help doesn’t show a useful option as --with-krb5-config= seems not to be the right option.
>>> 
>>> If you are using Squid-3.4 or older versions where that option exists,
>>> you need to insted use CXXFLAGS to set the -I (library headers) and -L
>>> (library binary) locations.
>>> Something like:
>>> ./configure CXXFLAGS="-I/path/to/include -L/path/to/lib" …
>> 
>> 
>> Thx for the hint! Tried ./configure CXXFLAGS="-I/opt/krb5/include -L/opt/krb5/lib" --prefix=/opt/squid --sysconfdir=/opt/squid/etc --enable-auth --enable-auth-negotiate="kerberos" --enable-external-acl-helpers=“kerberos_ldap_group” but without success. The /opt/krb5/ paths have been set in the Makefile, but HAVE_KRB5 is still no defined. Anything else to do here? (used Squid-3.4.11)
>> 
>> 
>>> 
>>> 
>>> Squid-3.5 and later have per-library ./configure options. In the case of
>>> Heimdal use --with-heimdal-krb5=PATH
>> 
>> 
>> tried it with Squid-3.5 and --with-heimdal-krb5=PATH and seems to work until make tries to compile kerberos_ldap_group
>> 
>> make[2]: Entering directory `/usr/src/packages/src/squid-3.5.1/helpers/external_acl/kerberos_ldap_group'
>> g++ -DHAVE_CONFIG_H   -I../../.. -I../../../include -I../../../lib -I../../../src -I../../../include  -I/opt/krb5/include  -I/opt/krb5/include   -I.  -Wall  -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -I/opt/krb5/include   -I/opt/krb5/include -L/opt/krb5/lib -march=native -MT support_krb5.o -MD -MP -MF .deps/support_krb5.Tpo -c -o support_krb5.o support_krb5.cc
>> cc1plus: warnings being treated as errors
>> support_krb5.cc: In function 'int krb5_create_cache(char*)':
>> support_krb5.cc:89:9: error: 'const char* krb5_get_err_text(krb5_context_data*, krb5_error_code)' is deprecated (declared at /opt/krb5/include/krb5-protos.h:2089)
>> ...
>> make[2]: *** [support_krb5.o] Error 1
>> make[2]: Leaving directory `/usr/src/packages/src/OSAGsquid-sis/squid-3.5.1/helpers/external_acl/kerberos_ldap_group’
>> 
>> my Heimdal Kerberos (Heimdal 1.3.3) libs seemed no to be compatible with kerberos_ldap_group?!
>> 
>> 
> 
> I am a bit surprised as I did not see this when testing on freebsd with heimdal.   I update my  trunk version at https://code.launchpad.net/~huaraz/squid/kerberos-updates. Can you test with that and if OK I will ask to include the updates.
> 


Your trunk version works perfectly. Thank you very much Markus!


>>> 
>>> 
>>> Amos
>>> 
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
>> 
> 
> Markus 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150216/0c78b9c2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4030 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150216/0c78b9c2/attachment.bin>

More information about the squid-users mailing list