<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial'; COLOR: #000000">
<DIV>Can you capture the traffic on port 88? Heimdal does not have helpful messages,
so seeing the real traffic may help identify the issue.</DIV>
<DIV> </DIV>
<DIV>Kinit should create an AS req/rep</DIV>
<DIV>the test program creates a TGS req/rep</DIV>
<DIV> </DIV>
<DIV>Example attached if it gets through.</DIV>
<DIV> </DIV>
<DIV>Markus</DIV>
<DIV> </DIV>
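<DIV>Added example, not part of the original message and not code from Squid or Heimdal: one way to tell which exchange a captured port-88 payload belongs to (AS for kinit, TGS for the test program, or a KRB-ERROR returned by the KDC), using the RFC 4120 application tags. The function names and the sample bytes are constructed for illustration.</DIV>
<PRE>
```python
import struct

# RFC 4120 ASN.1 application tag numbers for the messages seen on port 88
KRB_TYPES = {10: "AS-REQ", 11: "AS-REP", 12: "TGS-REQ", 13: "TGS-REP", 30: "KRB-ERROR"}

def read_tlv(buf, pos):
    """Return (tag_byte, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:  # long form: low 7 bits give the number of length octets
        n = length - 0x80
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def classify(payload, tcp=False):
    """Name the Kerberos message in one payload; for KRB-ERROR add the error code."""
    if tcp:  # Kerberos over TCP prefixes each message with a 4-byte big-endian length
        (n,) = struct.unpack(">I", payload[:4])
        payload = payload[4:4 + n]
    tag, start, _ = read_tlv(payload, 0)
    if tag - tag % 32 != 0x60:  # expect application class, constructed encoding
        return "not Kerberos"
    name = KRB_TYPES.get(tag % 32, "other Kerberos message")
    if name != "KRB-ERROR":
        return name
    # KRB-ERROR is a SEQUENCE of context-tagged fields; error-code is field [6]
    _, pos, seq_end = read_tlv(payload, start)
    while seq_end > pos:
        ftag, fstart, fend = read_tlv(payload, pos)
        if ftag == 0xA6:
            _, istart, iend = read_tlv(payload, fstart)
            code = int.from_bytes(payload[istart:iend], "big", signed=True)
            return "KRB-ERROR code %d" % code
        pos = fend
    return name

# Constructed, abbreviated samples (not taken from a real capture)
SAMPLE_AS_REQ = bytes.fromhex("6a03300100")             # UDP payload
SAMPLE_TGS_TCP = bytes.fromhex("00000005" "6c03300100")  # TCP, length-prefixed
# pvno=5, msg-type=30, error-code=7 (KDC_ERR_S_PRINCIPAL_UNKNOWN); other fields omitted
SAMPLE_ERROR = bytes.fromhex("7e11" "300f" "a003020105" "a10302011e" "a603020107")

if __name__ == "__main__":
    for sample, tcp in ((SAMPLE_AS_REQ, False), (SAMPLE_TGS_TCP, True), (SAMPLE_ERROR, False)):
        print(classify(sample, tcp=tcp))
```
</PRE>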
<DIV
style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV>"Panagiotis Bariamis" &lt;akismpa@gmail.com&gt; wrote in message
news:CAPxN_PVp9RETXBPZG6ZX5rzNK6Hu-HLxdAagSfgXVcg=DcdGsw@mail.gmail.com...</DIV></DIV></DIV>
<DIV
style="BORDER-TOP-COLOR: #000000; BORDER-BOTTOM-COLOR: #000000; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 4px solid; BORDER-RIGHT-COLOR: #000000">
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV dir=ltr>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>
<DIV>Hello, my setup is as follows:<BR></DIV>FreeBSD 11 Heimdal Kerberos Server
and DNS properly configured (testlab environment for <A
href="http://example.com">example.com</A> domain) <BR></DIV>FreeBSD 11 squid
proxy server <BR></DIV>Windows Client <BR><BR><BR></DIV>I have created a keytab
from the Kerberos Server for http/<A
href="http://squid.example.com">squid.example.com</A><BR></DIV>Proxy server
machine has no problem kinit-ing with the keytab file and gets a ticket
<BR><BR># klist<BR>Credentials cache:
FILE:/tmp/krb5cc_0<BR> Principal:
http/<A>squid.example.com@EXAMPLE.COM</A><BR><BR>
Issued
Expires
Principal<BR>May 9 15:38:36 2018 May 10 01:38:37 2018
krbtgt/<A>EXAMPLE.COM@EXAMPLE.COM</A><BR><BR></DIV>My squid.conf is as follows
concerning the authentication :<BR>auth_param negotiate program
/usr/local/libexec/squid/negotiate_kerberos_auth<BR>auth_param negotiate
children 10 startup=1<BR>auth_param negotiate keep_alive on<BR><BR></DIV>Trying
to use :<BR># /usr/local/libexec/squid/negotiate_kerberos_auth_test <A
href="http://squid.example.com">squid.example.com</A> <BR>| awk
'{sub(/Token:/,"YR"); print $0}END{print "QQ"}' <BR>|
/usr/local/libexec/squid/negotiate_kerberos_auth -r -s http/<A
href="http://squid.example.com">squid.example.com</A><BR><BR></DIV>fails with
:<BR>| negotiate_kerberos_auth_test: gss_init_sec_context() failed: An
unsupported mechanism was requested. unknown mech-code 0 for mech unknown<BR>BH
gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0
for mech unknown<BR>BH quit command<BR><BR><BR></DIV>Any ideas
?<BR><BR></DIV>Thank you , <BR></DIV>Bariamis Panagiotis <BR>
<DIV>
<DIV>
<DIV>
<DIV> </DIV>
<DIV> </DIV></DIV></DIV></DIV></DIV>
</DIV></DIV></DIV></DIV></BODY></HTML>