Re: Patch to authenticate securely to upstream ISA server(or others)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Mon, 31 Aug 2009 14:03:53 +0100

Hi Amos,

   find attached a patch against the head release. since I now need
Kerberos and GSSAPI for the main source I removed the squid_kerb_auth
configure and replaced the squid_kerb_auth directory with the attached.

I tested on OpenSuse 11 with MIT Kerberos 1.6.3(the default) and Freebsd 7.0
with Heimdal 1.2.1(added as the older freebsd base Heimdal package creates
problems as squids asn1.h and krb5_asn1.h have conflicts with oid
definitions)

Regards
Markus

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: "Markus Moeller" <huaraz_at_moeller.plus.com>
Cc: <squid-dev_at_squid-cache.org>
Sent: Tuesday, August 25, 2009 12:38 PM
Subject: Re: Patch to authenticate securely to upstream ISA server(or
others)

> Markus Moeller wrote:
>> In some setups the upstream proxy requires a secue authentication method
>> (Negotiate, NTLM). The attached patches (2.7 and 3.0) allow this with
>> Negotiate.
>>
>> Regards
>> Markus
>
> Hi Markus,
> Good to see this feature appearing.
>
> Just a few things to fix up before this can go in:
>
> * Makefile.am lines for linking peer_proxy_negotiate_auth.cc seem to be
> indented with spaces instead of the automake required tabs.
>
> * Unfortunately 3.0 is closed for new features. Can we get a diff
> against 3.HEAD code please?
>
> * there is zero documentation for the new option settings. Please add to
> the cache_peer entry of src/cf.data.pre with the new details for
> login=NEGOTIATE.
>
> * there is also no documentation for any of the code. Please prefix each
> new function and global in your new code with at least an overview
> description of what it does.
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
> Current Beta Squid 3.1.0.13
>

Received on Mon Aug 31 2009 - 13:16:57 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 12:00:08 MDT