Hi all,
Fabian Hugelshofer wrote:
> Markus Moeller wrote:
>> Continuation needed means that the GSSAPI exchange has not finished
>> and the server needs more data from the client. Can you see in
>> wireshark if the token length is the one squid_kerb_auth says it is
>> > squid_kerb_auth: Got 'YRYI...' from squid (length: 3607)
Update: I could find the reason for the error message. Even though it
was a hierarchical domain structure, the proxy server performed a
transit domain path verification. One domain of the path was not in the
transited domains list. Not sure whether this is a Microsoft or Heimdal
issue.
As a workaround I manually specified the list of transit domains in the
[capaths] section of krb5.conf. This made it work.
For details see my posts on the Heimdal mailing list:
https://list.sics.se/sympa/arc/heimdal-discuss/2010-03/msg00096.html
Regards,
Fabian
Received on Thu Apr 22 2010 - 11:05:25 MDT
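
Added illustration, not part of the original post and not the poster's actual configuration: the general shape of a `[capaths]` entry for a hierarchical realm structure. All realm names are constructed placeholders. The outer key is the client's realm, each inner key is the realm of the service, and each value names an intermediate realm that is allowed to appear in the ticket's transited path.

```ini
# Constructed example with placeholder realm names.
# Users authenticate in CHILD.CORP.EXAMPLE.COM; the proxy's service principal
# lives in EXAMPLE.COM; CORP.EXAMPLE.COM is the realm in between.
# Listing CORP.EXAMPLE.COM here tells the proxy host's Kerberos library that
# a ticket from CHILD.CORP.EXAMPLE.COM for a service in EXAMPLE.COM may have
# transited CORP.EXAMPLE.COM. Add one line per intermediate realm on the path.
[capaths]
    CHILD.CORP.EXAMPLE.COM = {
        EXAMPLE.COM = CORP.EXAMPLE.COM
    }
```

The entry belongs in the krb5.conf of the host doing the transit check, here the proxy server running squid_kerb_auth.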