[squid-users] benefits ofusingext_kerberos_ldap_group_aclinstead of ext_ldap_group_acl

Markus Moeller huaraz at moeller.plus.com
Sat Feb 14 14:43:52 UTC 2015 

>On 12.02.2015, at 17:58, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
>> On 13/02/2015 5:41 a.m., Simon Stäheli wrote:
>>>
>>> hmh, HAVE_KRB5 seems not to be set in include/autoconf.h
>>>
>>> What is the correct way to provide squid the path to the kerberos header 
>>> files?
>>>
>>> ./configure —help doesn’t show a useful option as --with-krb5-config= 
>>> seems not to be the right option.
>>
>> If you are using Squid-3.4 or older versions where that option exists,
>> you need to insted use CXXFLAGS to set the -I (library headers) and -L
>> (library binary) locations.
>> Something like:
>> ./configure CXXFLAGS="-I/path/to/include -L/path/to/lib" …
>
>
>Thx for the hint! Tried ./configure 
>CXXFLAGS="-I/opt/krb5/include -L/opt/krb5/lib" --prefix=/opt/squid --sysconfdir=/opt/squid/etc 
> --enable-auth --enable-auth-negotiate="kerberos" --enable-external-acl-helpers=“kerberos_ldap_group” 
>but without success. The /opt/krb5/ paths have been set in the Makefile, 
>but HAVE_KRB5 is still no defined. Anything else to do here? (used 
>Squid-3.4.11)
>
>
>>
>>
>> Squid-3.5 and later have per-library ./configure options. In the case of
>> Heimdal use --with-heimdal-krb5=PATH
>
>
>tried it with Squid-3.5 and --with-heimdal-krb5=PATH and seems to work 
>until make tries to compile kerberos_ldap_group
>
>make[2]: Entering directory 
>`/usr/src/packages/src/squid-3.5.1/helpers/external_acl/kerberos_ldap_group'
>g++ -DHAVE_CONFIG_H   -I../../.. -I../../../include -I../../../lib -I../../../src 
> -I../../../include  -I/opt/krb5/include  -I/opt/krb5/include   -I.  -Wall  
>-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
> -m64 -I/opt/krb5/include   -I/opt/krb5/include -L/opt/krb5/lib -march=native 
> -MT support_krb5.o -MD -MP -MF .deps/support_krb5.Tpo -c -o support_krb5.o 
>support_krb5.cc
>cc1plus: warnings being treated as errors
>support_krb5.cc: In function 'int krb5_create_cache(char*)':
>support_krb5.cc:89:9: error: 'const char* 
>krb5_get_err_text(krb5_context_data*, krb5_error_code)' is deprecated 
>(declared at /opt/krb5/include/krb5-protos.h:2089)
>...
>make[2]: *** [support_krb5.o] Error 1
>make[2]: Leaving directory 
>`/usr/src/packages/src/OSAGsquid-sis/squid-3.5.1/helpers/external_acl/kerberos_ldap_group’
>
>my Heimdal Kerberos (Heimdal 1.3.3) libs seemed no to be compatible with 
>kerberos_ldap_group?!
>
>

I am a bit surprised as I did not see this when testing on freebsd with 
heimdal.   I update my  trunk version at 
https://code.launchpad.net/~huaraz/squid/kerberos-updates. Can you test with 
that and if OK I will ask to include the updates.

>>
>>
>> Amos
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>

Markus

More information about the squid-users mailing list