Can you capture the traffic on port 88? Heimdal does not have helpful messages,
so seeing the real traffic may help identify the issue.
Kinit should create an AS req/rep.
The test program creates a TGS req/rep.
Example attached if it gets through.
Markus
"Panagiotis Bariamis" <akismpa@xxxxxxxxx> wrote in message
news:CAPxN_PVp9RETXBPZG6ZX5rzNK6Hu-HLxdAagSfgXVcg=DcdGsw@xxxxxxxxxxxxxx...

Hello, my setup is as follows: FreeBSD 11, Heimdal Kerberos Server
and DNS properly configured (testlab environment for example.com domain)

# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: http/squid.example.com@xxxxxxxxxxx

  Issued                Expires               Principal
May  9 15:38:36 2018  May 10 01:38:37 2018  krbtgt/EXAMPLE.COM@xxxxxxxxxxx

auth_param negotiate program /usr/local/libexec/squid/negotiate_kerberos_auth
auth_param negotiate children 10 startup=1
auth_param negotiate keep_alive on

# /usr/local/libexec/squid/negotiate_kerberos_auth_test squid.example.com | awk '{sub(/Token:/,"YR"); print $0}END{print "QQ"}' | /usr/local/libexec/squid/negotiate_kerberos_auth -r -s http/squid.example.com |
negotiate_kerberos_auth_test: gss_init_sec_context() failed: An unsupported mechanism was requested. unknown mech-code 0 for mech unknown
BH gss_accept_sec_context() failed: A token was invalid. unknown mech-code 0 for mech unknown
BH quit command
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
Attachment:
krb5.pcap
Description: Binary data
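
Added example, not part of either message above: once the port 88 traffic is captured, the first byte of each payload identifies the Kerberos message, which shows whether kinit's AS exchange and the test program's TGS exchange actually took place. The application tag numbers and the 4-byte TCP length prefix come from RFC 4120; the function names and the sample payloads are constructed for illustration.

```python
# Added example: name Kerberos messages in port-88 payloads by ASN.1 tag (RFC 4120).
KRB_TYPES = {10: "AS-REQ", 11: "AS-REP", 12: "TGS-REQ", 13: "TGS-REP", 30: "KRB-ERROR"}

def der_length(buf, pos):
    """Decode the DER length at buf[pos]; return (length, offset of content)."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify(payload, tcp=False):
    """Return the message name for one UDP/TCP payload, or None if not Kerberos."""
    if tcp:                               # TCP adds a 4-byte big-endian length prefix
        if len(payload) < 4:
            return None
        payload = payload[4:4 + int.from_bytes(payload[:4], "big")]
    if len(payload) < 2 or payload[0] & 0xE0 != 0x60:
        return None                       # not [APPLICATION n], constructed
    try:
        length, start = der_length(payload, 1)
    except ValueError:
        return None
    if start + length > len(payload):
        return None                       # truncated: capture with full snap length
    return KRB_TYPES.get(payload[0] & 0x1F)

def diagnose(payloads):
    """kinit should yield AS-REQ/AS-REP, the test program TGS-REQ/TGS-REP."""
    seen = [m for m in (classify(p, tcp) for p, tcp in payloads) if m]
    return {"as_exchange": "AS-REQ" in seen and "AS-REP" in seen,
            "tgs_exchange": "TGS-REQ" in seen and "TGS-REP" in seen,
            "kdc_error": "KRB-ERROR" in seen,
            "sequence": seen}

def _sample(n, size, tcp=False):
    """Constructed stand-in: valid outer tag and DER length, zero-filled body."""
    hdr = bytes([size]) if size < 0x80 else b"\x82" + size.to_bytes(2, "big")
    msg = bytes([0x60 | n]) + hdr + bytes(size)
    return (len(msg).to_bytes(4, "big") + msg if tcp else msg), tcp

# Constructed payloads (not the poster's capture): AS exchange, then a rejected TGS-REQ.
SAMPLE = [_sample(10, 300), _sample(11, 600),
          _sample(12, 700, tcp=True), _sample(30, 90, tcp=True)]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A capture that shows no TGS-REQ at all means the failure happened on the client before anything was sent to the KDC.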