[squid-users] Kerberos Heimdal Server Authentication
Panagiotis Bariamis
akismpa at gmail.com
Wed May 9 13:30:01 UTC 2018
Hello, my setup is as follows:
FreeBSD 11 Heimdal Kerberos server and DNS properly configured (test lab
environment for the example.com domain)
FreeBSD 11 Squid proxy server
Windows client
I have created a keytab from the Kerberos server for http/squid.example.com
The proxy server machine has no problem kinit-ing with the keytab file and gets
a ticket
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: http/squid.example.com at EXAMPLE.COM
Issued Expires Principal
May 9 15:38:36 2018 May 10 01:38:37 2018 krbtgt/EXAMPLE.COM at EXAMPLE.COM
My squid.conf is as follows concerning the authentication:
auth_param negotiate program /usr/local/libexec/squid/negotiate_kerberos_auth
auth_param negotiate children 10 startup=1
auth_param negotiate keep_alive on
Trying to use:
# /usr/local/libexec/squid/negotiate_kerberos_auth_test squid.example.com \
| awk '{sub(/Token:/,"YR"); print $0}END{print "QQ"}' \
| /usr/local/libexec/squid/negotiate_kerberos_auth -r -s http/squid.example.com
fails with:
| negotiate_kerberos_auth_test: gss_init_sec_context() failed: An unsupported mechanism was requested. unknown mech-code 0 for mech unknown
BH gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown
BH quit command
Any ideas?
Thank you,
Bariamis Panagiotis
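
One way to run the test above in two stages, so that a client-side failure (gss_init_sec_context) is caught before anything is sent to the helper as a YR line. This is an added example, not part of the original post and not Squid project code; the function names, return codes and sample lines are constructed for illustration, and the AF/TT/NA/BH reply codes are those of Squid's negotiate helper protocol.

```shell
#!/bin/sh
# Added example: hypothetical helper functions, not shipped with Squid.

# Read negotiate_kerberos_auth_test output on stdin and print helper input
# ("YR <token>" then "QQ") only when a plausible token is present.
# Return codes are this example's own: 0 usable, 2 no token, 3 not base64.
make_helper_input() {
    token=$(awk '$1 == "Token:" { print $2; exit }')
    [ -n "$token" ] || { echo "no token on stdin: client side failed" >&2; return 2; }
    case $token in
        *[!A-Za-z0-9+/=]*) ok=0 ;;
        *) ok=1 ;;
    esac
    # Real Kerberos tokens are far longer than 16 characters; the
    # threshold only screens out placeholder values.
    if [ "$ok" -eq 0 ] || [ "${#token}" -lt 16 ] || [ $(( ${#token} % 4 )) -ne 0 ]; then
        echo "not a base64 token: $token" >&2
        return 3
    fi
    printf 'YR %s\nQQ\n' "$token"
}

# Map one reply line from negotiate_kerberos_auth to its meaning.
classify_reply() {
    case $1 in
        "AF "*) echo "accepted" ;;            # token accepted, user follows
        "TT "*) echo "continue" ;;            # helper wants another round
        "NA "*) echo "denied" ;;              # authentication failed
        "BH quit command") echo "quit-ack" ;; # reply to the QQ line
        "BH "*) echo "helper-error" ;;        # helper could not process input
        *) echo "unknown" ;;
    esac
}

# Demo on constructed input (not captured from a real KDC).
printf 'Token: NULL\n' | make_helper_input || echo "stage 1 failed, exit code $?"
classify_reply 'BH quit command'
```

With the paths from the post, stage one is `negotiate_kerberos_auth_test squid.example.com | make_helper_input > yr.txt`, and yr.txt is fed to the helper only if that exits 0.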