[squid-dev] [PATCH] Kerberos improvements

Markus Moeller huaraz at moeller.plus.com
Wed Oct 8 23:16:47 UTC 2014 

Somehow the message didn't get completely through. Here it is again

I have some further improvements for the Kerberos helpers. This includes

1) Option -n for kerberos_ldap_group.   This disables the automated Kerberos
authentication(SASL/GSSAPI) to AD and requires username/password
(SASL/SIMPLE) instead.
2) Improvements in caching Kerberos credentials for setup with low SQUID
cache TTL.
3) Output group= if negotiate_kerberos_auth can retrieve AD groups from
Kerberos ticket for further processing by squid to external helpers ( ones
the helper code supports transfer of the kv pairs as documented here
http://wiki.squid-cache.org/Features/AddonHelpers )


Please review.  As always I appreciate feedback.

Thank you
Markus


"Markus Moeller"  wrote in message news:m11odm$ssp$1 at ger.gmane.org...

Spam detection software, running on the system "master.squid-cache.org",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview:  Hi , I have some further improvments for the Kerberos 
helpers.
   This includes 1) Option -n for kerberos_ldap_group. This disables the 
automated
   Kerberos authentication(SASL/GSSAPI) to AD and requires username/password
   (SASL/SIMPLE) instead. 2) Improvements in caching Kerberos credentials 
for
   setup with low SQUID cache TTL. 3) Output group= if 
negotiate_kerberos_auth
   can retrieve AD groups from Kerberos ticket for further processing by 
squid
   to external helpers ( ones the helper code supports transfer of the kv 
pairs
   as documented here http://wiki.squid-cache.org/Features/AddonHelpers ) 
[...]


Content analysis details:   (5.7 points, 5.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was 
blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                             for more information.
                            [URIs: squid-cache.org]
0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
[SPF failed: Please see 
http://www.openspf.org/Why?s=mfrom;id=gcwsd-squid-dev%40m.gmane.org;ip=81.174.172.105;r=master.squid-cache.org]
0.0 T_HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
0.0 UNPARSEABLE_RELAY      Informational: message has unparseable relay 
lines
1.3 RDNS_NONE              Delivered to internal network by a host with no 
rDNS
3.5 TO_NO_BRKTS_MSFT       To: misformatted and supposed Microsoft tool

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.







_______________________________________________
squid-dev mailing list
squid-dev at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

More information about the squid-dev mailing list