[squid-users] Kerberos authentication problem - squid 3.4.11
Ludovit Koren
ludovit.koren at gmail.com
Mon Feb 9 14:19:42 UTC 2015
Hi,
I have setup kerberos according to:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: HTTP/squid1.mdpt.local at MDPT.LOCAL
Issued Expires Principal
Feb 9 14:55:18 2015 Feb 10 00:55:18 2015 krbtgt/MDPT.LOCAL at MDPT.LOCAL
Feb 9 14:55:20 2015 Feb 10 00:55:18 2015 HTTP/squid1.mdpt.local at MDPT.LOCAL
# klist -v
Credentials cache: FILE:/tmp/krb5cc_0
Principal: HTTP/squid1.mdpt.local at MDPT.LOCAL
Cache version: 4
Server: krbtgt/MDPT.LOCAL at MDPT.LOCAL
Client: HTTP/squid1.mdpt.local at MDPT.LOCAL
Ticket etype: aes256-cts-hmac-sha1-96, kvno 3
Session key: aes128-cts-hmac-sha1-96
Ticket length: 1081
Auth time: Feb 9 14:55:18 2015
End time: Feb 10 00:55:18 2015
Ticket flags: enc-pa-rep, pre-authent, initial, forwardable
Addresses: addressless
Server: HTTP/squid1.mdpt.local at MDPT.LOCAL
Client: HTTP/squid1.mdpt.local at MDPT.LOCAL
Ticket etype: arcfour-hmac-md5, kvno 8
Ticket length: 1090
Auth time: Feb 9 14:55:18 2015
Start time: Feb 9 14:55:20 2015
End time: Feb 10 00:55:18 2015
Ticket flags: enc-pa-rep, pre-authent
Addresses: addressless
# ktutil -k /etc/krb5.keytab list
/etc/krb5.keytab:
Vno Type Principal Aliases
8 aes128-cts-hmac-sha1-96 HTTP/squid1.mdpt.local at MDPT.LOCAL
When I try to test it with the following command I get the error:
# /usr/local/libexec/squid/negotiate_kerberos_auth_test squid1.mdpt.local | awk '{sub(/Token:/,"YR"); print $0}END{print "QQ"}' | /usr/local/libexec/squid/negotiate_kerberos_auth -r -s HTTP/squid1.mdpt.local
BH gss_accept_sec_context() failed: Miscellaneous failure (see text). unknown mech-code 2529639093 for mech unknown
BH quit command
I cannot find anything suitable for the error code. Could you, please,
point me in the right direction? Any hint appreciated.
regards,
lk
More information about the squid-users
mailing list