Re: Patch to authenticate securely to upstream ISA server(or others)

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Tue, 01 Sep 2009 04:00:16 +0200

Needs quoting:
+ KRB5INCS=`$krb5confpath --cflags krb5 2>/dev/null`
+ KRB5LIBS=`$krb5confpath --libs krb5 2>/dev/null`

(seen twice, Solaris & generic)

Would also be nice if you could update squid_kerb_auth/configure with
this simplified kerberos configure dance. The squid_kerb_auth/configure
in Squid-3.0 adds a bit too many linker flags adding -Lno/lib -Rno/lib
for me and currently prevents it from being packaged for Fedora (build
QA check failure, incorrect run-path)

Regards
Henrik

mån 2009-08-31 klockan 14:03 +0100 skrev Markus Moeller:
> Hi Amos,
>
> find attached a patch against the head release. since I now need
> Kerberos and GSSAPI for the main source I removed the squid_kerb_auth
> configure and replaced the squid_kerb_auth directory with the attached.
>
> I tested on OpenSuse 11 with MIT Kerberos 1.6.3(the default) and Freebsd 7.0
> with Heimdal 1.2.1(added as the older freebsd base Heimdal package creates
> problems as squids asn1.h and krb5_asn1.h have conflicts with oid
> definitions)
>
> Regards
> Markus
>
> ----- Original Message -----
> From: "Amos Jeffries" <squid3_at_treenet.co.nz>
> To: "Markus Moeller" <huaraz_at_moeller.plus.com>
> Cc: <squid-dev_at_squid-cache.org>
> Sent: Tuesday, August 25, 2009 12:38 PM
> Subject: Re: Patch to authenticate securely to upstream ISA server(or
> others)
>
>
> > Markus Moeller wrote:
> >> In some setups the upstream proxy requires a secue authentication method
> >> (Negotiate, NTLM). The attached patches (2.7 and 3.0) allow this with
> >> Negotiate.
> >>
> >> Regards
> >> Markus
> >
> > Hi Markus,
> > Good to see this feature appearing.
> >
> > Just a few things to fix up before this can go in:
> >
> > * Makefile.am lines for linking peer_proxy_negotiate_auth.cc seem to be
> > indented with spaces instead of the automake required tabs.
> >
> > * Unfortunately 3.0 is closed for new features. Can we get a diff
> > against 3.HEAD code please?
> >
> > * there is zero documentation for the new option settings. Please add to
> > the cache_peer entry of src/cf.data.pre with the new details for
> > login=NEGOTIATE.
> >
> > * there is also no documentation for any of the code. Please prefix each
> > new function and global in your new code with at least an overview
> > description of what it does.
> >
> >
> > Amos
> > --
> > Please be using
> > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
> > Current Beta Squid 3.1.0.13
> >
Received on Tue Sep 01 2009 - 02:00:26 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 12:00:08 MDT