[squid-users] SQUID 4.6 - Kerberos Helper Error - FreeBSD

Fabricio Ferreira guzzy at bol.com.br
Sun Apr 21 20:21:34 UTC 2019


Hello Amos,
Thanks much for your help on this.

I have re-checked all permissions and ownership of the keytab file. Everything looks fine. Same settings I have used before on squid 3.5.x (0440 - root:proxy /etc/krb5.keytab).
Yes, keytab has the "proxy" group set - squid user is part of it.

Looking at the stderr log, this is all I see:
##########################################
pid 85392 (negotiate_kerberos_), uid 100: exited on signal 11
pid 85451 (negotiate_kerberos_), uid 100: exited on signal 11
pid 85555 (negotiate_kerberos_), uid 100: exited on signal 11
pid 85710 (negotiate_kerberos_), uid 100: exited on signal 11
pid 85924 (negotiate_kerberos_), uid 100: exited on signal 11
pid 18353 (negotiate_kerberos_), uid 100: exited on signal 11
pid 18452 (negotiate_kerberos_), uid 100: exited on signal 11
pid 18783 (negotiate_kerberos_), uid 100: exited on signal 11
pid 19021 (negotiate_kerberos_), uid 100: exited on signal 11
pid 19294 (negotiate_kerberos_), uid 100: exited on signal 11
pid 19307 (negotiate_kerberos_), uid 100: exited on signal 11
pid 19532 (negotiate_kerberos_), uid 100: exited on signal 11
pid 19591 (negotiate_kerberos_), uid 100: exited on signal 11
...
#####################################################
Not much, huh? I don't see anybody using Kerberos with squid 4.6 on FreeBSD 12 yet, so I think I am alone for a while.
Is it worth reporting it to the FreeBSD port (squid) maintainer?

Thanks once again!
Fabricio.

-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Sunday, April 21, 2019 3:46 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] SQUID 4.6 - Kerberos Helper Error - FreeBSD

On 21/04/19 9:02 am, Fabricio Ferreira wrote:
> Hello Everyone,
> Greetings.
> Recently I had to upgrade my Squid to ver 4.6 - that's when my 
> problems started.
> I can't use the KERBEROS helper anymore.
> I am trying to use exactly the same configuration I was using for Squid 
> 3.5.27 (by the way, I am using Squid with SAMBA 4.10). From the command 
> prompt, everything works fine. Keytab was successfully generated and 
> it's working.

Was that run as the same low-privilege user account Squid runs it?

One thing you can do is use the exact same options (including -d) that Squid uses and see if there is any noticeable difference in the stderr log output it produces vs the cache.log entries you provided below.

If nothing shows up there, try copy-paste'ing the same "YR ..." line (single line of input) that Squid sends and see if anything shows up then.


The helpers each start by opening /etc/krb5.keytab then immediately switch to separate memory-only keytabs. That may be something going wrong with the /etc/krb5.keytab file access.


Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
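
The keytab access question raised in this thread (mode 0440, root:proxy, helper running as uid 100), written out as an added example; it is not code from either poster or from Squid. The function names and the gid 62 used for "proxy" are assumptions made for illustration.

```python
import os
import pwd
import stat


def keytab_access(mode, owner_uid, owner_gid, uid, gids):
    """Return (readable, findings) for a process running as uid/gids.

    POSIX selects exactly one permission class: owner wins over group,
    group wins over "other"; only that class's bits are consulted.
    """
    findings = []
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("keytab is accessible to all local users")
    if mode & stat.S_IWGRP:
        findings.append("keytab is group-writable")
    if uid == 0:
        return True, findings  # root bypasses the mode bits
    if uid == owner_uid:
        readable = bool(mode & stat.S_IRUSR)
    elif owner_gid in gids:
        readable = bool(mode & stat.S_IRGRP)
    else:
        readable = bool(mode & stat.S_IROTH)
    if not readable:
        findings.append("helper account cannot read the keytab")
    return readable, findings


def check_keytab(path, username):
    """Evaluate a real keytab file against a real local account."""
    st = os.stat(path)
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    return keytab_access(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                         pw.pw_uid, gids)


if __name__ == "__main__":
    # Constructed values: gid 62 for "proxy" is an assumption; uid 100 is
    # the helper uid shown in the crash lines quoted in the thread.
    print(keytab_access(0o440, 0, 62, 100, {100, 62}))
```

Only the mode bits are evaluated; ACLs and search permission on the directories leading to the keytab are not covered.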


