[squid-users] FreeBSD and Kerberos: RC4 keytabs work, AES256 don't

[Marko Cupać]

Hi,

I am setting up new AD-integrated squid server, so I thought I might as
well upgrade kerberos crypto on keytabs.

It seems that, at least on FreeBSD 10.2-RELEASE-p13, squid-3.5.15
compiled with GSSAPI_BASE (kerberos from base system) can't
authenticate users via kerberos using AES256 keytabs.

Testing with kinit works, but squid auth does not. I am getting these
in cache.log:
BH gss_accept_sec_context() failed:  Miscellaneous failure (see text).
unknown mech-code 0 for mech unknown

Any help appreciated.
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/