
Re: Re: Re: squid_kerb_auth - Negotiate

Thanks for the feedback. I will fix the compile warnings. You will always
get the 102 error when using Firefox, as it uses a plain GSSAPI token and not
an SPNEGO token. My code tries to convert an SPNEGO token to a GSSAPI token, and
if the original token was already a GSSAPI token the routine returns a 1xx
error.

Regards
Markus

"miolinux" <miolinux@xxxxxxxxx> wrote in message 
news:20070712125218.480730dc@xxxxxxxxxxxxxxxxxx
On Thu, 12 Jul 2007 09:51:23 +0100
"Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> wrote:

> The token seems alright. If you use a recent Kerberos implementation
> you should compile with -DHAVE_SPNEGO which will avoid the use of the
> spnego helper routines. If you don't run a recent Kerberos
> implementation make sure that you use:
> for Linux:
>  -D__LITTLE_ENDIAN__
> for Solaris:
>  -D__BIG_ENDIAN__
>
> As this is important for the spnegohelper.

Hi, I've just updated the KDC and the krb5 libs on the squid host
to the "testing" version of Debian [krb5 (1.6.dfsg.1-5)].

Now it works! Thank you very much.

There is, however, something I would ask you:

With newer Kerberos libs it works out of the box (./configure;make;make
install); however, I tried to compile squid_kerb_auth with -DHAVE_SPNEGO
by adding it to do.sh, but got some warnings:

cc1: warnings being treated as errors
squid_kerb_auth.c: In function 'main':
squid_kerb_auth.c:195: warning: unused variable 'kerberosTokenLength'
squid_kerb_auth.c:180: warning: unused variable 'rc'

So I removed "-Werror" from do.sh and it compiled.

With both the "standard" and the "DHAVE_SPNEGO" version of the helper I noticed a
strange behaviour in the logs:

2007/07/12 12:35:15| squid_kerb_auth: Got 'YR YIICTAYGKwYBBQUCoIICQDCCA
jygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKoZIhvcSAQICAwYKKwYBBAGCNwICCqKC
AgYEggICYIIB/gYJKoZIhvcSAQICAQBuggHtMIIB6aADAgEFoQMCAQ6iBwMFACAAAACjggE
hYYIBHTCCARmgAwIBBaEUGxJTVFVERU5USS5QT0xJVE8uSVSiIjAgoAMCAQKhGTAXGwRIVF
RQGw9zcXVpZC5wb2xpdG8uaXSjgdcwgdSgAwIBEKEDAgEDooHHBIHEULBIf35R+xfVHAyVv
JcwKbcUUWOzN9q3OgCHceBDUn+L2yYFugILBpLUQ/C3rz++qrpbyLTgc6z2LSssE6sbxDH+
ibG7k73QH5tE8l+sj4NTj217RiwGBMJnUNCP8PMFmYOWmqlYBg9pZzJDTa4KbXtx6i7I3LU
ve9wG+YI69f+xVndLN3y3hRbEJgMJcteS9hWrlN3LkiUlH7B0GWcIVqxrADqyHv7hJBhOJF
jDw/O8G6AEc6tLCTBZr7fyfZXnaaJcUKSBrjCBq6ADAgEBooGjBIGgpYqE+KOUv+iVkKGc0
eiqzCFI6kiNKt1cwXnTUc8lAwxxPZNfi+CrlfvQc4XsSeJcj0kIeUw0KRSVt0u+fjIA1PVF
P8DJmgM443lj7icj7qS0sccPwBD1BL8UX+Q444rFRESr206w+U1VXO92m0WYuqXTehXGZqc
tYwNeNpXmLYZ96/rMpyA7h/bCKCG9l5bfcE/4mBpVm24O2//BeKrtXw==' from squid 
(length: 795).
2007/07/12 12:35:15| squid_kerb_auth: parseNegTokenInit failed with rc=102
2007/07/12 12:35:15| squid_kerb_auth: AF oYGLMIGIoAMKAQChCwYJKoZIgvcSAQI
ConQEcmBwBgkqhkiG9xIBAgICAG9hMF+gAwIBBaEDAgEPolMwUaADAgEBokoESLjO9CJpkO4
+UlWAzvSF1DUq620yHD9C1+wnoHbTv6LKzjsN2Se9s7r99fXHEzCK77mXdd10fwhoz7ot+NH
U74gmPWgO7Pe2PA== user@xxxxxxxxxxxxxx
2007/07/12 12:35:15| authenticateStart: auth_user_request '0x8423310'

Is it normal to get parseNegTokenInit rc=102 error anyway before 
authenticating the user?


Thanks,

--
Miolinux
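
The thread turns on whether a Negotiate token carries the SPNEGO mechanism or the plain Kerberos GSSAPI mechanism. The following is an added example, not code from squid_kerb_auth or the spnego helper: it reads the RFC 2743 initial-token header of an already base64-decoded token and reports the mechanism OID. The function names, enum values and sample byte arrays are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* DER contents of the two mechanism OIDs (tag and length bytes excluded). */
static const unsigned char OID_SPNEGO[] = {0x2b,0x06,0x01,0x05,0x05,0x02};              /* 1.3.6.1.5.5.2 */
static const unsigned char OID_KRB5[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02}; /* 1.2.840.113554.1.2.2 */

/* Constructed sample headers (not taken from the log above); payload shortened to 2 bytes. */
static const unsigned char SAMPLE_SPNEGO[] = {0x60,0x0a,0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02,0xa0,0x00};
static const unsigned char SAMPLE_KRB5[] = {0x60,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x01,0x00};

enum tok_kind { TOK_INVALID, TOK_SPNEGO, TOK_KRB5, TOK_OTHER };

/* Read a DER length at buf[*pos]; returns 0 on success, -1 if malformed or truncated. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *len)
{
    if (*pos >= n) return -1;
    unsigned char b = buf[(*pos)++];
    if (b < 0x80) { *len = b; return 0; }                 /* short form */
    size_t k = b & 0x7f;                                  /* long form: k length bytes follow */
    if (k == 0 || k > sizeof(size_t) || k > n - *pos) return -1; /* reject indefinite/oversized */
    *len = 0;
    while (k--) *len = (*len << 8) | buf[(*pos)++];
    return 0;
}

/* Classify an initial GSS-API token by the mechanism OID in its framing. */
enum tok_kind classify_token(const unsigned char *buf, size_t n)
{
    size_t pos = 1, len, oid_len;
    if (n == 0 || buf[0] != 0x60) return TOK_INVALID;     /* [APPLICATION 0] tag expected */
    if (der_len(buf, n, &pos, &len) || len > n - pos) return TOK_INVALID;
    if (pos >= n || buf[pos++] != 0x06) return TOK_INVALID; /* OBJECT IDENTIFIER tag */
    if (der_len(buf, n, &pos, &oid_len) || oid_len > n - pos) return TOK_INVALID;
    if (oid_len == sizeof OID_SPNEGO && !memcmp(buf + pos, OID_SPNEGO, oid_len)) return TOK_SPNEGO;
    if (oid_len == sizeof OID_KRB5 && !memcmp(buf + pos, OID_KRB5, oid_len)) return TOK_KRB5;
    return TOK_OTHER;
}

int main(void)
{
    printf("spnego sample -> %d\n", classify_token(SAMPLE_SPNEGO, sizeof SAMPLE_SPNEGO));
    printf("krb5 sample   -> %d\n", classify_token(SAMPLE_KRB5, sizeof SAMPLE_KRB5));
    return 0;
}
```

Every length is checked against the remaining buffer before it is used, so a truncated or malformed header is reported as invalid rather than read past its end.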



