[squid-dev] [PATCH] Kerberos improvements
Amos Jeffries
squid3 at treenet.co.nz
Wed Oct 29 04:51:12 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 27/10/2014 1:07 a.m., Markus Moeller wrote:
> Hi
>
> I have found some minor issues with my patch and here is an
> updated version.
>
> Regards Markus
>
>
> "Markus Moeller" wrote in message
> news:m14gl4$er3$1 at ger.gmane.org...
>
> Somehow the message didn't get completely through. Here it is
> again
>
> I have some further improvements for the Kerberos helpers. This
> includes
>
> 1) Option -n for kerberos_ldap_group. This disables the
> automated Kerberos authentication(SASL/GSSAPI) to AD and requires
> username/password (SASL/SIMPLE) instead. 2) Improvements in caching
> Kerberos credentials for setup with low SQUID cache TTL. 3) Output
> group= if negotiate_kerberos_auth can retrieve AD groups from
> Kerberos ticket for further processing by squid to external helpers
> ( ones the helper code supports transfer of the kv pairs as
> documented here http://wiki.squid-cache.org/Features/AddonHelpers
> )
>
>
> Please review. As always I appreciate feedback.
>
> Thank you Markus
>
Sorry its taken so long. Applied to trunk as rev.13667 (auth helper)
and rev.13668 (ACL helper)
There are a few coding techinque things to work on;
* using pre-increment (++i) is better than post-increment (i++), and
* sizeof(*mem_cache) instead of re-calculating the string lengths for
snprintf()
- which relies on them not having changed mysteriously during the
(possibly long and interrupted) time malloc can take.
I am accepting anyway since it is at least consistent with the
existing helper code.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUUHI/AAoJELJo5wb/XPRj/gAH/3qdIWTL3dalGYcg6BPxX1qi
WHV1O24CA6qLWx8E5jA5KBYaC6hx8W78Qiy4hPiR1dsfKI3L3GzdRt1qNIcs0bE9
INDbOWTo2yqc2LuZ9aBe02j9cNE4vHZPbghqitZoUMQybs7UvUTWgnwQ/T6l+PPD
B/5yL1jfDVx5anz4+Ko09GTgsR0t7co0yr3tOaP4Ifhg/7pQ0mRalyOESUuf55bh
Zfj10VvwAntHWz/jJQN2zIPop5N0jp9DRIVU5AOtX3OZYajkkBEYfvbwnEBIbS0R
acodz3fLaJuBmwPv/WIBzjjOO0mTHKeJrKNo2TNFSThL7KXPZkQlP6HqsWXbnU0=
=Oauf
-----END PGP SIGNATURE-----
More information about the squid-dev
mailing list