-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eliezer Croitoru wrote: > > Hopefully I can interest our Windows admin to enable Kerberos > > event logging per KB262177. > > > > But for the present I have found an ugly workaround. In squid's > > keytab, I created another principal called 'squiduser' with the > > same hex key and kvno as that of the principal > > 'HTTP/proxy.sibptus.transneft.ru.' > > > > Of course this required running the squid authentication helper > > with the '-s GSS_C_NO_NAME' option. > > > > And you know what? It works. Browsers are being authenticated all > > right. > > > > This means that the encrypted token is all right, and the problem > > was only in the principal name (it being different in the request > > and the received ticket). This is quite mysterious to me. Also, > > Heimdal error messages definitely suck. > > > So you actually made it work!?? Yes, I have. > > And about the basic issues that you were having with performance, does > it help to run Kerberos instead of NTLM (it should...)? The performance is still poor, much worse than that of squid27 with the NTLM authenticator. - -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJURfHEAAoJEA2k8lmbXsY0n8sIAJzxIBL3LoC+oUKEMC4wBHIs bTYrLHT9DgJp48G66KZoIBocCXRmHKE4ZhGyHHU7NyPlYUABgqEmk+GBx6IhEoYU GZDugLbm9tefg4Kpnd/DZiWknlzw/Ps44bSTKDFctI/lkuC3rwlxCiU6a2nQLp/m OibWBgJS4ob7Ryca1v3wNYWuTwazOjl5h8QelJdwbQCQDdgJCA0QsFDe4S2CHrFs ldCxivkXOJewLj5MzVjHBuHC7leYK1RQHcbbh4n66uhiX6t6CBg7ZCOXqg6wrF+0 7UQOT8283B3nK44mpGhDroK1wWUoxGeYZe2Jxd/2X2+Gx1PMxXQlnwZDVsw0y44= =rkPI -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
