Search squid archive

Re: Re: squid_kerb_auth - Negotiate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The token seems alright. If you use a recent Kerberos implementation you 
should compile with -DHAVE_SPNEGO which will avoid the use of the spnego 
helper routines. If you don't run a recent Kerberos implementation make sure 
that you use:
for  Linux:
 -D__LITTLE_ENDIAN__
for Solaris:
 -D__BIG_ENDIAN__

As this is important for the spnegohelper.

Regards
Markus

"miolinux" <miolinux@xxxxxxxxx> wrote in message 
news:20070712101259.3d81ccd9@xxxxxxxxxxxxxxxxxx
> On Wed, 11 Jul 2007 21:55:56 +0100
> "Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> wrote:
>
>> The return code 102 of parseNegTokenInit  usually means the token is
>> not a SPNEGO token.  Could you sned me the complete token ?
>
> Sure, here it is (full debug output (level 9) can also be sent if
> needed)
>
> 2007/07/11 17:00:22| squid_kerb_auth: Got 'YR 
> YIICTAYGKwYBBQUCoIICQDCCAjygMDAuBgk
> qhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKCAgYEggICYIIB/gYJKoZI
> hvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACAAAACjggEhYYIBHTCCARmgAwIBBaEUGxJTVFVER
> U5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVFRQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEK
> EDAgEDooHHBIHEWyFsulqOVPaP44POoDEBOs1Gz02LEdTBrYYGsJTDp4RGOUuEwY+GHPaJSSx/HtNNq76
> XwssFV6tmiqsJw3MVwZ5EyakJwyYVjEbSuB9qmoOCOGFUmdiaogv9mQayHyOZXJA+54wmYmXn19RpOx7g
> WpCYtoxZ9MBtanCWMSWp6glY0jVpi/hHdPzTD8uGQ2asR/kcqHxdPTslL1pH5uC+Bunk6C9ukVj9/Oe9e
> dQRFsBHwHw14aaKQKmPQnH4liYcqFjRvqSBrjCBq6ADAgEBooGjBIGgX7XTlG0dTRI7Uz42jvA47p09tu
> 5Yh7zu/BuNKLILo4WcC1JGThjBQQZyL5cKWqmLIsI4+hUpeUdvIuU8J642Hnv2xZ3rcMloSWWeflan682
> 8a8ONLUq9sUnUgxWMOrFpDEkmL7bUhGB7kniaOCAH552mp86gHHOeYHb/QU7c9rSFHb4HcnGYw9QuUSlE
> n0Xd9w52gYAqz7x7qwAeEi0+Zg==' from squid (length: 795).
> 2007/07/11 17:00:22| squid_kerb_auth: parseNegTokenInit failed with rc=102
> 2007/07/11 17:00:22| squid_kerb_auth: gss_accept_sec_context() failed: A 
> token was invalid. Mechanism is incorrect
>
> It was sent by a Firefox 2.0.0.4 on a Win2000 Computer.
>
>
>>
>> Which Kerberos release are you using ?
>
>
> Debian Etch current one.
> krb5 (1.4.4-7etch2)
>
> Uoah, that's old!, didn't notice before.
> Do you think kerberos 1.5.* or even 1.6.* will work better? (aka should
> i upgrade kerberos to make things works?)
>
> Tomorrow i think i'll do some other tests with ie7 and maybe i'll try with 
> a different kerberos version.
>
> Regards
>
> --
> Miolinux
>
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux