On 22/07/20 8:59 pm, Klaus Brandl wrote: > > but i have compared the encoded string from the auth helper with the string > at > the Proxy-Authentication header from the client with tcpdump, and it's > exactly > the same: > > Proxy-Authorization: Negotiate YIIGpQYGKwYBBQUCoIIGmTCCBpWgMDAuBgkqhkiC9xIB... > > /tmp/ports.squid-4.11pg0.AFNuqpKCuX/squid-4.11/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc(612): > > pid=28796 :2020/07/21 16:15:12| negotiate_kerberos_auth: DEBUG: Got 'YR > YIIGpQYGKwYBBQUCoIIGmTCCBpWgMDAuBgkqhkiC9xIB... > > On the kerberos connection(port 88) i see only the service prinzipal, so i am > nearly sure, this groups are from the client. >
Okay. If you run the helper manually on command line and pass that same "YR ..." line Squid is delivering. How long is the result that comes back? The helper I/O buffer is 32KB in current Squid. The above test will show how large it needs to be for your network. Unfortunately changes to this buffer do need a patch. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
