Now available at
https://bitbucket.org/victor_sudakov/faq/src/tip/FAQ/squid_kerberos.txt
Victor Sudakov wrote:
Colleagues,
I have created a howto in Russian about squid and Kerberos proxy
authentication, addressing also the two problems I personally
encountered while setting all the stuff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Amos Jeffries wrote:
On 4/11/2014 9:10 p.m., Victor Sudakov wrote:
Now available at
https://bitbucket.org/victor_sudakov/faq/src/tip/FAQ/squid_kerberos.txt
[dd]
If you are going to publish this please use either the official
domains
Colleagues,
I have created a howto in Russian about squid and Kerberos proxy
authentication, addressing also the two problems I personally
encountered while setting all the stuff up.
If any Russian speakers here could review and comment it, I would be
grateful.
The text is at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Victor Sudakov wrote:
And about the basic issues that you were having with performance,
does it help to run Kerberos instead of NTLM (it should...)?
I have even moved squid to a new virtual machine (FreeBSD
9.3-RELEASE under
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 23/10/2014 7:27 p.m., Victor Sudakov wrote:
Victor Sudakov wrote:
And about the basic issues that you were having with
performance, does it help to run Kerberos instead of NTLM
(it should...)?
I have even moved squid to a new virtual
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 23/10/2014 5:53 p.m., Victor Sudakov wrote:
Eliezer Croitoru wrote:
And about the basic issues that you were having with performance,
does it help to run Kerberos instead of NTLM (it should...)?
I have even moved squid to a new virtual
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Amos Jeffries wrote:
And about the basic issues that you were having with performance,
does it help to run Kerberos instead of NTLM (it should...)?
I have even moved squid to a new virtual machine (FreeBSD
9.3-RELEASE under VMWare, 1 GB
Eugene M. Zheganin wrote:
On 18.10.2014 16:11, Victor Sudakov wrote:
I thought as much. This error seems suspicious. But why does a second
request not cause the same error?
No idea.
Hopefully I can interest our Windows admin to enable Kerberos event
logging per KB262177.
But for the
Hi.
On 19.10.2014 13:32, Victor Sudakov wrote:
Hopefully I can interest our Windows admin to enable Kerberos event
logging per KB262177.
But for the present I have found an ugly workaround. In squid's keytab, I
created another principal called 'squiduser' with the same hex key and
kvno as
This question is neither exactly squid-related nor Heimdal-related, but
maybe someone guru could shed some light.
I configure MSIE to use the proxy server proxy.sibptus.transneft.ru.
On starting MSIE, some Windows hosts request a ticket for the
principal HTTP/proxy.sibptus.transneft.ru and
Hi Victor,
That sounds a bit strange. Can you capture with wireshark the traffic on
port 88 on the system which has squiduser in the cache ( best after a clear
the cache with kerbtray first) when accessing squid and send it to me as cap
file ?
Markus
Victor Sudakov wrote in message
Markus Moeller wrote:
That sounds a bit strange. Can you capture with wireshark the traffic on
port 88 on the system which has squiduser in the cache ( best after a clear
the cache with kerbtray first) when accessing squid and send it to me as cap
file ?
I am attaching a traffic dump.
Hi.
On 17.10.2014 11:02, Victor Sudakov wrote:
I am attaching a traffic dump.
Please look at Frame No. 36, where a ticket is requested for
HTTP/proxy.sibptus.transneft.ru, and then at Frame No. 39, where
the ticket is granted, but for the wrong principal name.
The thing is, valid exchange
Markus Moeller wrote:
Hi Viktor,
These sections of code do the selection in squid:
char *service_name = (char *) HTTP, *host_name = NULL;
Thanks for posting this. BTW does it mean that the service name HTTP
is hardcoded, and if I wanted to use a principal with a different
service name
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Eliezer Croitoru wrote:
I could find the said script neither in the source nor in the
binary package. However I think I can guess what could be inside.
Could you look below if that makes sense?
Or you can just look at the source code:
Markus Moeller wrote:
I only found the following explanation:
This error will happen if you didn't write the key into the keytab file, or
the permission setting of keytab file reject the read access, or the key
file is not the one you should access (for example, you want
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2014 06:29 AM, Victor Sudakov wrote:
Markus,
I could find the said script neither in the source nor in the
binary package. However I think I can guess what could be inside.
Could you look below if that makes sense?
Or you can just look
Victor Sudakov wrote:
Rafael Akchurin wrote:
I believe I do (but you made me doubt:)
Well, I have tried negotiate_kerberos_auth with Firefox (Windows)
I have tried the same with MSIE 8 (Windows).
It's obviously trying to do NTLM instead of Kerberos (see below). How
do I enable Kerberos
18 matches
Mail list logo