Re: Patch to authenticate securely to upstream ISA server(or others)

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Tue, 1 Sep 2009 19:55:47 +0100

Henrik,

   I updated the patch. I also said that I removed the configure from
squid_kerb_auth by replacing the whole squid_kerb_auth directory with the
attached tar file (to the previous post) which hopefully fixes the fedora
build.

Thank you
Markus

"Henrik Nordstrom" <henrik_at_henriknordstrom.net> wrote in message
news:1251770416.16800.65.camel_at_henriknordstrom.net...
> Needs quoting:
> + KRB5INCS=`$krb5confpath --cflags krb5 2>/dev/null`
> + KRB5LIBS=`$krb5confpath --libs krb5 2>/dev/null`
>
> (seen twice, Solaris & generic)
>
>
> Would also be nice if you could update squid_kerb_auth/configure with
> this simplified kerberos configure dance. The squid_kerb_auth/configure
> in Squid-3.0 adds a bit too many linker flags adding -Lno/lib -Rno/lib
> for me and currently prevents it from being packaged for Fedora (build
> QA check failure, incorrect run-path)
>
> Regards
> Henrik
>
>
> mån 2009-08-31 klockan 14:03 +0100 skrev Markus Moeller:
>> Hi Amos,
>>
>> find attached a patch against the head release. since I now need
>> Kerberos and GSSAPI for the main source I removed the squid_kerb_auth
>> configure and replaced the squid_kerb_auth directory with the attached.
>>
>> I tested on OpenSuse 11 with MIT Kerberos 1.6.3(the default) and Freebsd
>> 7.0
>> with Heimdal 1.2.1(added as the older freebsd base Heimdal package
>> creates
>> problems as squids asn1.h and krb5_asn1.h have conflicts with oid
>> definitions)
>>
>> Regards
>> Markus
>>
>> ----- Original Message -----
>> From: "Amos Jeffries" <squid3_at_treenet.co.nz>
>> To: "Markus Moeller" <huaraz_at_moeller.plus.com>
>> Cc: <squid-dev_at_squid-cache.org>
>> Sent: Tuesday, August 25, 2009 12:38 PM
>> Subject: Re: Patch to authenticate securely to upstream ISA server(or
>> others)
>>
>>
>> > Markus Moeller wrote:
>> >> In some setups the upstream proxy requires a secue authentication
>> >> method
>> >> (Negotiate, NTLM). The attached patches (2.7 and 3.0) allow this with
>> >> Negotiate.
>> >>
>> >> Regards
>> >> Markus
>> >
>> > Hi Markus,
>> > Good to see this feature appearing.
>> >
>> > Just a few things to fix up before this can go in:
>> >
>> > * Makefile.am lines for linking peer_proxy_negotiate_auth.cc seem to
>> > be
>> > indented with spaces instead of the automake required tabs.
>> >
>> > * Unfortunately 3.0 is closed for new features. Can we get a diff
>> > against 3.HEAD code please?
>> >
>> > * there is zero documentation for the new option settings. Please add
>> > to
>> > the cache_peer entry of src/cf.data.pre with the new details for
>> > login=NEGOTIATE.
>> >
>> > * there is also no documentation for any of the code. Please prefix
>> > each
>> > new function and global in your new code with at least an overview
>> > description of what it does.
>> >
>> >
>> > Amos
>> > --
>> > Please be using
>> > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>> > Current Beta Squid 3.1.0.13
>> >
>
>

Received on Tue Sep 01 2009 - 18:57:26 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 08 2009 - 12:00:03 MDT