How do you start the service ? Do you use systemctl ? If so you may need
to add KRB5_KTNAME=/etc/squid/squid.keytab to
/etc/sysconfig/squid
Markus
"flypast" wrote in message news:1387845981524-4664010.post@xxxxxxxxxxxxx...
hi Markus,
Please see the below. I just temporally change access control of keytab
file. Still no lucky
[root@proxy01 squid]# ls -al
total 76
drwxr-xr-x. 2 root root 4096 Dec 23 14:24 .
drwxr-xr-x. 105 root root 12288 Dec 24 11:18 ..
-rw-r--r--. 1 root squid 419 Oct 1 23:40 cachemgr.conf
-rw-r--r--. 1 root root 419 Oct 1 23:40 cachemgr.conf.default
-rw-r--r--. 1 root root 1547 Oct 1 23:40 errorpage.css
-rw-r--r--. 1 root root 1547 Oct 1 23:40 errorpage.css.default
-rw-r--r--. 1 root root 11651 Oct 1 23:40 mime.conf
-rw-r--r--. 1 root root 11651 Oct 1 23:40 mime.conf.default
-rw-r--r--. 1 root root 421 Oct 1 23:40 msntauth.conf
-rw-r--r--. 1 root root 421 Oct 1 23:40 msntauth.conf.default
-rw-r-----. 1 root squid 2758 Dec 23 14:24 squid.conf
-rw-r--r--. 1 root root 2510 Oct 1 23:40 squid.conf.default
*-rwxrwxrwx. 1 root squid 451 Dec 22 13:13 squid.keytab*
In addition.
[root@proxy01 etc]# kinit -kt ./squid/squid.keytab
HTTP/proxy02.deeplayer.com
[root@proxy01 etc]# klist -ekt ./squid/squid.keytab
Keytab name: FILE:./squid/squid.keytab
KVNO Timestamp Principal
---- -----------------
--------------------------------------------------------
16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (arcfour-hmac)
16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (aes128-cts-hmac-sha1-96)
16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (aes256-cts-hmac-sha1-96)
16 12/22/13 13:14:31 HTTP/proxy02.deeplayer.com@xxxxxxxxxxxxx
(arcfour-hmac)
16 12/22/13 13:14:31 HTTP/proxy02.deeplayer.com@xxxxxxxxxxxxx
(aes128-cts-hmac-sha1-96)
16 12/22/13 13:14:31 HTTP/proxy02.deeplayer.com@xxxxxxxxxxxxx
(aes256-cts-hmac-sha1-96)
[root@proxy01 etc]#
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-proxy-kerberos-authentication-failure-Help-tp4663964p4664010.html
Sent from the Squid - Users mailing list archive at Nabble.com.