[squid-users] Kerberos authentication problem - squid 3.4.11
Markus Moeller
huaraz at moeller.plus.com
Tue Feb 10 20:46:06 UTC 2015
Hi Ludovit,
Which Kerberos library version do you use ? Is it possible that the
encryption types don't match ? I saw in your first email the following:
Your klist shows a HTTP ticket for arcfour
Server: HTTP/squid1.mdpt.local at MDPT.LOCAL
Client: HTTP/squid1.mdpt.local at MDPT.LOCAL
Ticket etype: arcfour-hmac-md5, kvno 8
Ticket length: 1090
Auth time: Feb 9 14:55:18 2015
Start time: Feb 9 14:55:20 2015
End time: Feb 10 00:55:18 2015
Ticket flags: enc-pa-rep, pre-authent
Addresses: addressless
but the keytab has aes128.
# ktutil -k /etc/krb5.keytab list
/etc/krb5.keytab:
Vno Type Principal Aliases
8 aes128-cts-hmac-sha1-96 HTTP/squid1.mdpt.local at MDPT.LOCAL
Markus
"Ludovit Koren" wrote in message news:86d25i9plr.fsf at gmail.com...
>>>>> Markus Moeller <huaraz at moeller.plus.com> writes:
> Hi Ludovit,
> I haven't seen that error before either, but when you test you sould
> have your own user credentials in the cache. You should use kinit
> <user>@MDPT.LOCAL and then try again the test. is the hostname
> correctly set to squid1.mdpt.local ? If not try
> /usr/local/libexec/squid/negotiate_kerberos_auth_test
> squid1.mdpt.local | awk '{sub(/Token:/,"YR"); print $0}END{print
> "QQ"}' | /usr/local/libexec/squid/negotiate_kerberos_auth -r -s
> GSS_C_NO_NAME
Hello,
still no progress...
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: xkoren at MDPT.LOCAL
Issued Expires Principal
Feb 10 08:41:06 2015 Feb 10 18:41:06 2015 krbtgt/MDPT.LOCAL at MDPT.LOCAL
Feb 10 08:42:17 2015 Feb 10 18:41:06 2015
HTTP/squid1.mdpt.local at MDPT.LOCAL
# hostname
squid1.mdpt.local
# /usr/local/libexec/squid/negotiate_kerberos_auth_test squid1.mdpt.local |
awk '{sub(/Token:/,"YR"); print $0}END{print "QQ"}' |
/usr/local/libexec/squid/otiate_kerberos_auth -r -s HTTP/squid1.mdpt.local
BH gss_accept_sec_context() failed: Miscellaneous failure (see text).
unknown mech-code 2529639093 for mech unknown
BH quit command
# /usr/local/libexec/squid/negotiate_kerberos_auth_test squid1.mdpt.local |
awk '{sub(/Token:/,"YR"); print $0}END{print "}' |
/usr/local/libexec/squid/negotiate_kerberos_auth -r -s GSS_C_NO_NAME
BH gss_accept_sec_context() failed: Miscellaneous failure (see text).
unknown mech-code 2529639094 for mech unknown
BH quit command
regards,
lk
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list