Hi all,
Fabian Hugelshofer wrote:
Markus Moeller wrote:
Continuation needed means that the GSSAPI exchange has not finished
and the server needs more data from the client. Can you see in
wireshark if the token length is the one squid_kerb_auth says it is
> squid_kerb_auth: Got 'YRYI...' from squid (length: 3607)
Update: I could find the reason for the error message. Even though it
was a hierarchical domain structure, the proxy server performed a
transit domain path verification. One domain of the path was not in the
transited domains list. Not sure whether this is a Microsoft or Heimdal
issue.
As a workaround I manually spefified the list of transit domains in the
[capatsh] section of krb5.conf. This made it work.
For details see my posts on the Heimdal mailing list:
https://list.sics.se/sympa/arc/heimdal-discuss/2010-03/msg00096.html
Regards,
Fabian