[squid-users] Kerberos authentication problem - squid 3.4.11

Ludovit Koren ludovit.koren at gmail.com
Fri Feb 13 20:40:21 UTC 2015


>>>>> Markus Moeller <huaraz at moeller.plus.com> writes:

    > Hi Ludovit,
    >  Firstly, these lines are contradictory

    > permitted_enctypes = aes128-cts-hmac-sha1-96
    > allow_weak_crypto = true

    > weak crypto is des and permitted is aes.  Do you use a mixed AD
    > environment ( 2003/2008 )  ?  2003 does not support aes.

Hello,

the AD cluster is due to be upgraded. I think the old is 2003 and new is
2010(?). I am trying to authenticate against new one, I got the keytab
from it with the following:

# ktutil -k /etc/krb5.keytab list
/etc/krb5.keytab:

Vno  Type                     Principal                         Aliases
  5  aes128-cts-hmac-sha1-96  HTTP/proxy.mdpt.local at MDPT.LOCAL  

I commented out allow_weak_crypto. The result is the same.


lk


More information about the squid-users mailing list