On Thursday 23 July 2020 00:16:45 Amos Jeffries wrote: > On 22/07/20 8:59 pm, Klaus Brandl wrote: > > but i have compared the encoded string from the auth helper with the > > string at the Proxy-Authentication header from the client with tcpdump, > > and it's exactly the same: > > > > Proxy-Authorization: Negotiate > > YIIGpQYGKwYBBQUCoIIGmTCCBpWgMDAuBgkqhkiC9xIB... > > > > /tmp/ports.squid-4.11pg0.AFNuqpKCuX/squid-4.11/src/auth/negotiate/kerberos > > /negotiate_kerberos_auth.cc(612): pid=28796 :2020/07/21 16:15:12| > > negotiate_kerberos_auth: DEBUG: Got 'YR > > YIIGpQYGKwYBBQUCoIIGmTCCBpWgMDAuBgkqhkiC9xIB... > > > > On the kerberos connection(port 88) i see only the service prinzipal, so i > > am nearly sure, this groups are from the client. > > Okay. If you run the helper manually on command line and pass that same > "YR ..." line Squid is delivering. How long is the result that comes back? thank you, i think you mean this: DEBUG: OK token=oYG3MIG0oAMKAQChCwYJKoZIgvcSAQIC... This is only 254 bytes. > > The helper I/O buffer is 32KB in current Squid. The above test will show > how large it needs to be for your network. Unfortunately changes to this > buffer do need a patch. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users Klaus --- genua GmbH Domagkstrasse 7, 85551 Kirchheim bei Muenchen tel +49 89 991950-0, fax -999, www.genua.de Geschaeftsfuehrer: Matthias Ochs, Marc Tesch Amtsgericht Muenchen HRB 98238 genua ist ein Unternehmen der Bundesdruckerei-Gruppe. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
