[squid-users] Re: squid proxy kerberos authentication failure. Help!!!

Tue, 24 Dec 2013 04:30:47 -0800

How do you start the service ? Do you use systemctl ? If so you may need to add KRB5_KTNAME=/etc/squid/squid.keytab to 
/etc/sysconfig/squid

Markus

"flypast"  wrote in message news:1387845981524-4664010.p...@n4.nabble.com...

hi Markus,

Please see the below. I just temporally change access control of  keytab
file. Still no lucky

[root@proxy01 squid]# ls -al
total 76
drwxr-xr-x.   2 root root   4096 Dec 23 14:24 .
drwxr-xr-x. 105 root root  12288 Dec 24 11:18 ..
-rw-r--r--.   1 root squid   419 Oct  1 23:40 cachemgr.conf
-rw-r--r--.   1 root root    419 Oct  1 23:40 cachemgr.conf.default
-rw-r--r--.   1 root root   1547 Oct  1 23:40 errorpage.css
-rw-r--r--.   1 root root   1547 Oct  1 23:40 errorpage.css.default
-rw-r--r--.   1 root root  11651 Oct  1 23:40 mime.conf
-rw-r--r--.   1 root root  11651 Oct  1 23:40 mime.conf.default
-rw-r--r--.   1 root root    421 Oct  1 23:40 msntauth.conf
-rw-r--r--.   1 root root    421 Oct  1 23:40 msntauth.conf.default
-rw-r-----.   1 root squid  2758 Dec 23 14:24 squid.conf
-rw-r--r--.   1 root root   2510 Oct  1 23:40 squid.conf.default
*-rwxrwxrwx.   1 root squid   451 Dec 22 13:13 squid.keytab*

In addition.
[root@proxy01 etc]# kinit -kt ./squid/squid.keytab
HTTP/proxy02.deeplayer.com
[root@proxy01 etc]# klist -ekt ./squid/squid.keytab
Keytab name: FILE:./squid/squid.keytab
KVNO Timestamp         Principal
---- -----------------
--------------------------------------------------------
 16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (arcfour-hmac)
 16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (aes128-cts-hmac-sha1-96)
 16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (aes256-cts-hmac-sha1-96)
 16 12/22/13 13:14:31 HTTP/proxy02.deeplayer....@deeplayer.com
(arcfour-hmac)
 16 12/22/13 13:14:31 HTTP/proxy02.deeplayer....@deeplayer.com
(aes128-cts-hmac-sha1-96)
 16 12/22/13 13:14:31 HTTP/proxy02.deeplayer....@deeplayer.com
(aes256-cts-hmac-sha1-96)
[root@proxy01 etc]#



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-proxy-kerberos-authentication-failure-Help-tp4663964p4664010.html Sent from the Squid - Users mailing list archive at Nabble.com.

Reply via email to