Hello Amos, Thanks Much for your help on this. I have re-checked all permissions and ownership of the keytab file. Everything looks fine. Same settings I have used before on squid 3.5.x (0440 - root:proxy /etc/krb5.keytab) Yes, keytab has the "proxy" group set - squid user is part of it. Looking at the stderr log, this is all I see: ########################################## pid 85392 (negotiate_kerberos_), uid 100: exited on signal 11 pid 85451 (negotiate_kerberos_), uid 100: exited on signal 11 pid 85555 (negotiate_kerberos_), uid 100: exited on signal 11 pid 85710 (negotiate_kerberos_), uid 100: exited on signal 11 pid 85924 (negotiate_kerberos_), uid 100: exited on signal 11 pid 18353 (negotiate_kerberos_), uid 100: exited on signal 11 pid 18452 (negotiate_kerberos_), uid 100: exited on signal 11 pid 18783 (negotiate_kerberos_), uid 100: exited on signal 11 pid 19021 (negotiate_kerberos_), uid 100: exited on signal 11 pid 19294 (negotiate_kerberos_), uid 100: exited on signal 11 pid 19307 (negotiate_kerberos_), uid 100: exited on signal 11 pid 19532 (negotiate_kerberos_), uid 100: exited on signal 11 pid 19591 (negotiate_kerberos_), uid 100: exited on signal 11 ... ##################################################### Not much uh? I don't see anybody using Kerberos with squid 4.6 on FreeBSD 12 yet, so, I think I am alone for a while. Does it worth to report it to the FreeBSD port (squid) maintainer? Thanks once again! Fabricio. -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries Sent: Sunday, April 21, 2019 3:46 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: SQUID 4.6 - Kerberos Helper Error - FreeBSD On 21/04/19 9:02 am, Fabricio Ferreira wrote: > Hello Everyone, > Greetings. > Recently I had to upgrade my Squid to ver 4.6 - that´s when my > problems started. > I can't use the KERBEROS helper anymore. > I am trying to use exactly the same configurtion I was using for Squid > 3.5.27(by the way, I am using Squid with SAMBA 4.10 – From the command > prompt, everything works fine. Keytab was successfully generated and > it´s working. Was that run as the same low-privilege user account Squid runs it? One thing you can do is use the exact same options (including -d) that Squid uses and see of there is any noticable difference in the stderr log output it produces vs the cache.log entries you provided below. If nothing shows up there, try copy-paste'ing the same "YR ..." line (single line of input) that Squid sends ans see if anything shows up then. The helpers each start by opening /etc/krb5.keytab then immediately switch to separate memory-only keytabs. That may be something going wrong with the /etc/krb5.keytab file access. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
