[squid-users] Re: Simple Kerberos/Squid configuration "received type 1 NTLM token" from barbarossa on 2010-09-28 (squid-users)

From: barbarossa <bDmanLIB_at_hotmail.com>
Date: Tue, 28 Sep 2010 05:04:30 -0700 (PDT)

So, I set the following in about:config (Firefox):
*network.auth.use-sspi: false
*network.negotiate-auth.gsslib: C:\Program
Files\MIT\Kerberos\bin\gssapi32.dll
*network.negotiate-auth.using-native-gsslib: false

Then I got in /var/log/squid/cache.log:
squid_kerb_auth: gss_acquire_cred() failed: Unspecified GSS failure. Minor
code may provide more information. No principal in keytab matches desired
name

After searching the mailinglists, I saw that the principal did exist but I
had 2 keytab files. One of them was old and squid used the old one.

Now, Firefox works! Great.

As for IE, it shows a login dialog, when entering username_at_REALM I get:

2010/09/28 11:44:28| squid_kerb_auth: Got 'YR
YIICLgYGKwYBBQUCoIICIjCCAh6gJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCAfQEggHwYIIB7AYJKoZIhvcSAQICAQBuggHbMIIB16ADAgEFoQMCAQ6iBwMFACAAAACjggEFYYIBATCB/qADAgEFoQsbCVZVQi5BQy5CRaImMCSgAwIBAqEdMBsbBEhUVFAbE2JpYmxwYzA4My5WVUIuQUMuQkWjgcEwgb6gAwIBF6EDAgEDooGxBIGuRlcmAe5EkRJ96vVgsuXySbzRyqbhbf0Ciymg0M2PTGhZzGNygccoy7qFrSK0IL1mlFZrtR/9kjAFvEOrbi5MQKvhTKelWJ+AW5sNSv0MCLrifZ9I4iYVzC8ykuEuynLFVNrFrXvR1X8o9GE0WKBiQH1qGrLPihRqqxVTwPIYFjvJHfOj4hNQKYoNgTPe8gyVOcoFNgSKM5x8nvUo7yMkMGDZl37rKEN+SF5T1RclpIG4MIG1oAMCAReiga0EgaohkYCppLKIRyD9lOdHwFa892QilUpoDEON8P6RpBbDaANc/2QRKk3inxTujwUzUuDZ7yd2w7oYHzRtnT8I2UUWN31lPIZpinURAtVq87klW9SCQkjBy7Kco2HdvicJnwUcnpk28X0nOsjol0Mm+4ysDDBe4aCzN3Qd6fjdsOvH8/Eh5ckCMlBTr3sLhrfmQGnmmqAHztvL54g87c2Qq+xHvvU5F/6pIE/U7Q=='
from squid (length: 755).
2010/09/28 11:44:28| squid_kerb_auth: parseNegTokenInit failed with rc=102
2010/09/28 11:44:28| squid_kerb_auth: gss_accept_sec_context() failed:
Unspecified GSS failure. Minor code may provide more information. Key table
entry not found

So, IE does not use the MIT kerberos ticket I created. Is there a way to
configure it?

Thanks.

-- 
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Simple-Kerberos-Squid-configuration-received-type-1-NTLM-token-tp2553379p2717106.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Received on Tue Sep 28 2010 - 12:04:32 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 29 2010 - 12:00:04 MDT