[squid-users] Windows 7 + Firefox + Squid + Kerberos

From: Allan Carvalho <allanc_at_outlook.com>
Date: Thu, 24 Oct 2013 16:17:18 -0200

- Squid 3.1.20-2.2
- Debian 7.2
- Windows Server 2012
- Windows 7 64bits (client)
- Mozilla Firefox 24 32 bits

In this environment,authentication is donevia
Kerberos,withkeypadgenerated byktpass.

My keypad:

root_at_japura:/etc/squid3# klist -ekt squid.keytab
Keytab name: FILE:squid.keytab
KVNO Timestamp Principal
---- -------------------
------------------------------------------------------
     3 31-12-1969 21:00:00 HTTP/squidsrv.example.com_at_EXAMPLE.COM
(des-cbc-crc)
     3 31-12-1969 21:00:00
HTTP/squidsrv.example.com_at_EXAMPLE.COM (des-cbc-md5)
     3 31-12-1969 21:00:00
HTTP/squidsrv.example.com_at_EXAMPLE.COM (arcfour-hmac)
     3 31-12-1969 21:00:00
HTTP/squidsrv.example.com_at_EXAMPLE.COM (aes256-cts-hmac-sha1-96)
     3 31-12-1969 21:00:00
HTTP/squidsrv.example.com_at_EXAMPLE.COM (aes128-cts-hmac-sha1-96)

AuthenticationIEandChromegoes smoothly, not in Firefox, in cache.log i have:

authenticateNegotiateHandleReply: Error validating user via Negotiate.
Error returned 'BH gss_accept_sec_context() failed: An unsupported
mechanism was requested. '

I tried to fill network.negotiate-auth.trusted-uris with example.com (my
domain) in about:config but without success.

I tried to generate the keytab with msktutil, no success.

Could someone please help me? It's a Windows 7 bug, a Mozilla Firefox
bug or a wrong keytab?

Would be grateful to receive a light.

Best Regards,
Allan Carvalho
Received on Thu Oct 24 2013 - 18:17:36 MDT

This archive was generated by hypermail 2.2.0 : Fri Oct 25 2013 - 12:00:26 MDT