[squid-users] squid kerberos auth, acl note group
Klaus Brandl
klaus_brandl at genua.de
Wed Jul 22 12:53:14 UTC 2020
On Thursday 23 July 2020 00:16:45 Amos Jeffries wrote:
> On 22/07/20 8:59 pm, Klaus Brandl wrote:
> > but i have compared the encoded string from the auth helper with the
> > string at the Proxy-Authentication header from the client with tcpdump,
> > and it's exactly the same:
> >
> > Proxy-Authorization: Negotiate
> > YIIGpQYGKwYBBQUCoIIGmTCCBpWgMDAuBgkqhkiC9xIB...
> >
> > /tmp/ports.squid-4.11pg0.AFNuqpKCuX/squid-4.11/src/auth/negotiate/kerberos
> > /negotiate_kerberos_auth.cc(612): pid=28796 :2020/07/21 16:15:12|
> > negotiate_kerberos_auth: DEBUG: Got 'YR
> > YIIGpQYGKwYBBQUCoIIGmTCCBpWgMDAuBgkqhkiC9xIB...
> >
> > On the kerberos connection(port 88) i see only the service prinzipal, so i
> > am nearly sure, this groups are from the client.
>
> Okay. If you run the helper manually on command line and pass that same
> "YR ..." line Squid is delivering. How long is the result that comes back?
thank you, i think you mean this:
DEBUG: OK token=oYG3MIG0oAMKAQChCwYJKoZIgvcSAQIC...
This is only 254 bytes.
>
> The helper I/O buffer is 32KB in current Squid. The above test will show
> how large it needs to be for your network. Unfortunately changes to this
> buffer do need a patch.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
Klaus
---
genua GmbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de
Geschaeftsfuehrer: Matthias Ochs, Marc Tesch
Amtsgericht Muenchen HRB 98238
genua ist ein Unternehmen der Bundesdruckerei-Gruppe.
More information about the squid-users
mailing list