On 22/07/20 8:59 pm, Klaus Brandl wrote:
> 
> but i have compared the encoded string from the auth helper with the string 
> at 
> the Proxy-Authentication header from the client with tcpdump, and it's 
> exactly 
> the same:
> 
> Proxy-Authorization: Negotiate YIIGpQYGKwYBBQUCoIIGmTCCBpWgMDAuBgkqhkiC9xIB...
> 
> /tmp/ports.squid-4.11pg0.AFNuqpKCuX/squid-4.11/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc(612):
>  
> pid=28796 :2020/07/21 16:15:12| negotiate_kerberos_auth: DEBUG: Got 'YR 
> YIIGpQYGKwYBBQUCoIIGmTCCBpWgMDAuBgkqhkiC9xIB...
> 
> On the kerberos connection(port 88) i see only the service prinzipal, so i am 
> nearly sure, this groups are from the client.
> 

Okay. If you run the helper manually on command line and pass that same
"YR ..." line Squid is delivering. How long is the result that comes back?

The helper I/O buffer is 32KB in current Squid. The above test will show
how large it needs to be for your network. Unfortunately changes to this
buffer do need a patch.


Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to