-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/19/2014 10:32 AM, Victor Sudakov wrote: > Hopefully I can interest our Windows admin to enable Kerberos > event logging per KB262177. > > But for the present I have found an ugly workaround. In squid's > keytab, I created another principal called 'squiduser' with the > same hex key and kvno as that of the principal > 'HTTP/proxy.sibptus.transneft.ru.' > > Of course this required running the squid authentication helper > with the '-s GSS_C_NO_NAME' option. > > And you know what? It works. Browsers are being authenticated all > right. > > This means that the encrypted token is all right, and the problem > was only in the principal name (it being different in the request > and the received ticket). This is quite mysterious to me. Also, > Heimdal error messages definitely suck. > So you actually made it work!?? And about the basic issues that you were having with performance, does it help to run Kerberos instead of NTLM (it should...)? Eliezer -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUREBJAAoJENxnfXtQ8ZQUGsgIAJYiK+JM4cRpbaXimVDwj7j6 zKmHpwreZYI1848Bo+Gcfxm4M5m9ia2k53EYYCJ6KdBieu8necYMk7/TUdlYQhx+ Zw/T1SmNNr3vRNgn4vFAOeq+Ro/gPuWbhd0towgrG0XOWZVEoPjIFOrQuIxEv+Hw fa/8YnITpW9ZV6Jlj0NioWAVAwUAlSBK+fZSV2AUM2jt7O095rgzsQAdWNeV2i9n nxbl52flILyXWFbZCCBMH/yGUE4wgK6oazSlAZlOZfB/LwTwyc8DYUj7eeYpkYXj u6vzsVho1hBXCZKnekScDRQT+oKOMxP7CwmMNSVkDYOkI3TjEcYdFXo0NWqTK8o= =OzsW -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
