Project

General

Profile

Actions
Copy link

Bug #4518

closed

Pfsense 2.2 squid3 + negotiate_kerberos_auth

Added by alx bob over 10 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Squid
Target version:
-
Start date:
03/13/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
All
Affected Plus Version:
Affected Architecture:

Description

After a lot of digging around i cant get squid3 authenticate with kerberos... i have done it with squid2 with the same setup...
In squid3 gssapi.spnego.so.10 is missing and kerberos wrapper cant handle authentication! Anyone got some fix for this bug?

negotiate_kerberos_auth.cc(258): pid=34892 :2015/03/11 21:07:07| negotiate_kerberos_auth: DEBUG: Got 'YR YIIG1gYGKwYBBQUCoIIGyjCCBsagMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCBpAEggaMYIIGiAYJKoZIhvcSAQICAQBuggZ3MIIGc6ADAgEFoQMCAQ6iBwMFACAAAACjggT5YYIE9TCCBPGgAwIBBaELGwlURVNUREMuR1KiIjAgoAMCAQKhGTAXGwRIVFRQGw9zcXVpZC50ZXN0ZGMuZ3KjggS3MIIEs6ADAgEXoQMCASWiggSlBIIEob6G+n+N9ouocW4KCrz0LJHne6xki8vvihpDd7/XWy743/R0ouxJe1I+BqN6Lm4yu/4RBJWqW0FT0lsQ71l31sOAdXU4bYMf6mE5PA5LFgOxOPulStLyLgGZKTAVf6OPD3cLW57ysrg0sle4HKnPmCt2SrTmvs9gBlrjJd9RJ4tJX9NDzVlswliA8kRiu+3fXQ82gdgafmcgsl0/iQRNkJleG2glgdD542TZ/b2f0QYQ1roMnjzFAk/PoGEqLO+31wNKQKnAKkOHICP0da7qvY89sjUs7H4ZsRTLMQZQtyqgR+pTtV247nYvyVsrc96tI3jgkOqxe6VqRn1S8EC8aBP1aOTN5E2vWLmfLJIN7X9Kvz62Q3ysFVioGxMFO/mU62Q6Y/pLFxBbwIFuLlfU9WaxZWN98Ha5cGkrdE8SdX/wUNui/ka20zzFL2dwgQM1UfyjA7BecYuXhZQqlLZBLgAfmxWEpOAJQr/7EiQYX0l6T5VjnESlhz7qdox6MdZYRHsPIeod+eYCAlZbMjHHdtVqBXJE5sJ5z7R+DteRrzapd+L23RjVPiaJEU9JYyY73XVNkfuOXc2vfAr0q7oD6CSdwwLo6mmtKGLUl+e7XJ0si7SaOhsFd5TRx/+bIVKgNJ5w6GTEUaW5Kl90hKSFd5yyvV2WYKoXAp8H81uWSWbmVnS1baAmfwuAutRZ7648Vp6kYt/FgVTtMzNsaJRcMUzjZbT13XDnnyGmEz1l6OjG/UdHfFoLwYuUxOn2YrOnaP8PamImc0NnOG9X2Xfqh13Wbh8t7rxFw1gO3oC8PbNT3NMIqgv2bUVeh+00lSz24McCv3DncBqsjppW4RdHQ0o0BpERY0UOThdCoUcZEE47WK2gH1YnEoSnM5IRDYN36IF2d19jYDXmvCmd75nQ5LM9/625vFWt+YjA5kTQ3sjQTJEeHgf7bnfVz0ftmgGA5BwKhAk6SUOfmDhOOcz3yh7ebbOfh1bio9GSxhuSM61ZuYl6HVdaHVzcOqEOFORxYxW+l34AbsgcL4OnbEtktquic8hO3gfmU9GA/1feZhu/68WhZI8ikS6ymAsBSUGZuduO+savLA/au7L3uWkzIo5JZRKlH14Nak5P1iZxiL0+MIgoAOdCjsfBr23BsWWWmtS4yQ6etqAwYtL39c0XJd3TwzJ+ezHSM+zwinrSDK8GsFRUhU0E9POwI9sINp+RfH5RB6Qixy0VKXFDcDkm/bjBNfL9ydGAw6aDKSBB3grL3raB6yE6GoNTgQm7cPFlitPU6AMaSPHcshCTUHXGvhbFYNbLGCJxqQubXp/xIcxSx6/u3oSH0ULuliROS8eOVf/83f+SVRcJ64l5U4Aa+6j3pxBD1D0eUx2NELx/MkM4oHHdKcRuKxiyfgm5PZgsaCe0gY7C68uSyJnYvKXwxALmLndVAyRm5+BV7NgUGViVzRLjjzURAte8MVOGQiCmf9JVeSd0PcOQ1z7g2BNO0NxATo7ZECHjm/BM1RdXpMec63os8jr1raxZq/ABYv8yf3fYB6QH8M077ApaLEasKjNO0d/3txHJJJr+m1wwLDSTXaSCAV8wggFboAMCAReiggFSBIIBTjkhm8waTI9WA46+3cynSauk675Nif9d6zdT/YxZBqDilid8Q6KMdI5wV51nVjDnDrzzLEypqza8xriv+vUBsQpa1TF6NbeuIQw9csiwj5M68m5YroN9nuEOgmPWFi8kaoxoCFWgMsi59vCpULcG9g7ZEEnPuX4y9AFwC7sax2KY3b5t1OIPKS3nIiAVJTAvCbgOnrOk3IJ71Mz8vQBMyCJhQCPKXtzoinAHnKv2UkmSQpo6a0eMOtBZBM4QYCOPmmVrtHqAAWQ0zOs1hbYtoMkN12rA8Ag02rk8BSumub+SUfHbJ7+1Fks9xZiDgCOWKS/7soBTWNNJ40QPC3ncpfcBf2irWZHYR+QerI8OWu36yd6dzD1hahYsabw3Yk2kbnz3yIczu+cy12dxmpC8lbaUfL5RWjLlVPb7UheEDaFEH2k4i0Zqwuku+/q4ryI=' from squid (length: 2343).
negotiate_kerberos_auth.cc(311): pid=34892 :2015/03/11 21:07:07| negotiate_kerberos_auth: DEBUG: Decode 'YIIG1gYGKwYBBQUCoIIGyjCCBsagMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCBpAEggaMYIIGiAYJKoZIhvcSAQICAQBuggZ3MIIGc6ADAgEFoQMCAQ6iBwMFACAAAACjggT5YYIE9TCCBPGgAwIBBaELGwlURVNUREMuR1KiIjAgoAMCAQKhGTAXGwRIVFRQGw9zcXVpZC50ZXN0ZGMuZ3KjggS3MIIEs6ADAgEXoQMCASWiggSlBIIEob6G+n+N9ouocW4KCrz0LJHne6xki8vvihpDd7/XWy743/R0ouxJe1I+BqN6Lm4yu/4RBJWqW0FT0lsQ71l31sOAdXU4bYMf6mE5PA5LFgOxOPulStLyLgGZKTAVf6OPD3cLW57ysrg0sle4HKnPmCt2SrTmvs9gBlrjJd9RJ4tJX9NDzVlswliA8kRiu+3fXQ82gdgafmcgsl0/iQRNkJleG2glgdD542TZ/b2f0QYQ1roMnjzFAk/PoGEqLO+31wNKQKnAKkOHICP0da7qvY89sjUs7H4ZsRTLMQZQtyqgR+pTtV247nYvyVsrc96tI3jgkOqxe6VqRn1S8EC8aBP1aOTN5E2vWLmfLJIN7X9Kvz62Q3ysFVioGxMFO/mU62Q6Y/pLFxBbwIFuLlfU9WaxZWN98Ha5cGkrdE8SdX/wUNui/ka20zzFL2dwgQM1UfyjA7BecYuXhZQqlLZBLgAfmxWEpOAJQr/7EiQYX0l6T5VjnESlhz7qdox6MdZYRHsPIeod+eYCAlZbMjHHdtVqBXJE5sJ5z7R+DteRrzapd+L23RjVPiaJEU9JYyY73XVNkfuOXc2vfAr0q7oD6CSdwwLo6mmtKGLUl+e7XJ0si7SaOhsFd5TRx/+bIVKgNJ5w6GTEUaW5Kl90hKSFd5yyvV2WYKoXAp8H81uWSWbmVnS1baAmfwuAutRZ7648Vp6kYt/FgVTtMzNsaJRcMUzjZbT13XDnnyGmEz1l6OjG/UdHfFoLwYuUxOn2YrOnaP8PamImc0NnOG9X2Xfqh13Wbh8t7rxFw1gO3oC8PbNT3NMIqgv2bUVeh+00lSz24McCv3DncBqsjppW4RdHQ0o0BpERY0UOThdCoUcZEE47WK2gH1YnEoSnM5IRDYN36IF2d19jYDXmvCmd75nQ5LM9/625vFWt+YjA5kTQ3sjQTJEeHgf7bnfVz0ftmgGA5BwKhAk6SUOfmDhOOcz3yh7ebbOfh1bio9GSxhuSM61ZuYl6HVdaHVzcOqEOFORxYxW+l34AbsgcL4OnbEtktquic8hO3gfmU9GA/1feZhu/68WhZI8ikS6ymAsBSUGZuduO+savLA/au7L3uWkzIo5JZRKlH14Nak5P1iZxiL0+MIgoAOdCjsfBr23BsWWWmtS4yQ6etqAwYtL39c0XJd3TwzJ+ezHSM+zwinrSDK8GsFRUhU0E9POwI9sINp+RfH5RB6Qixy0VKXFDcDkm/bjBNfL9ydGAw6aDKSBB3grL3raB6yE6GoNTgQm7cPFlitPU6AMaSPHcshCTUHXGvhbFYNbLGCJxqQubXp/xIcxSx6/u3oSH0ULuliROS8eOVf/83f+SVRcJ64l5U4Aa+6j3pxBD1D0eUx2NELx/MkM4oHHdKcRuKxiyfgm5PZgsaCe0gY7C68uSyJnYvKXwxALmLndVAyRm5+BV7NgUGViVzRLjjzURAte8MVOGQiCmf9JVeSd0PcOQ1z7g2BNO0NxATo7ZECHjm/BM1RdXpMec63os8jr1raxZq/ABYv8yf3fYB6QH8M077ApaLEasKjNO0d/3txHJJJr+m1wwLDSTXaSCAV8wggFboAMCAReiggFSBIIBTjkhm8waTI9WA46+3cynSauk675Nif9d6zdT/YxZBqDilid8Q6KMdI5wV51nVjDnDrzzLEypqza8xriv+vUBsQpa1TF6NbeuIQw9csiwj5M68m5YroN9nuEOgmPWFi8kaoxoCFWgMsi59vCpULcG9g7ZEEnPuX4y9AFwC7sax2KY3b5t1OIPKS3nIiAVJTAvCbgOnrOk3IJ71Mz8vQBMyCJhQCPKXtzoinAHnKv2UkmSQpo6a0eMOtBZBM4QYCOPmmVrtHqAAWQ0zOs1hbYtoMkN12rA8Ag02rk8BSumub+SUfHbJ7+1Fks9xZiDgCOWKS/7soBTWNNJ40QPC3ncpfcBf2irWZHYR+QerI8OWu36yd6dzD1hahYsabw3Yk2kbnz3yIczu+cy12dxmpC8lbaUfL5RWjLlVPb7UheEDaFEH2k4i0Zqwuku+/q4ryI=' (decoded length: 1754).
dlopen: Cannot open "/usr/lib/libgssapi_spnego.so.10"

Actions
Copy link
 #1

Updated by alx bob over 10 years ago

kid1| ERROR: Negotiate Authentication validating user. Error returned ‘BH gss_accept_sec_context() failed: Miscellaneous failure (see text). unknown mech-code 0 for mech unknown’
negotiate_kerberos_auth: INFO: User not authenticated

Actions
Copy link
 #2

Updated by Chris Buechler almost 10 years ago

  • Affected Version changed from 2.2 to All
Actions
Copy link
 #3

Updated by Kill Bill almost 10 years ago

Cannot exactly see where's it missing?

# ldd /usr/pbi/squid-amd64/local/libexec/squid/negotiate_kerberos_auth
/usr/pbi/squid-amd64/local/libexec/squid/negotiate_kerberos_auth:
        libgssapi.so.10 => /usr/lib/libgssapi.so.10 (0x80084e000)
        libgssapi_krb5.so.10 => /usr/lib/libgssapi_krb5.so.10 (0x800a57000)
        libheimntlm.so.11 => /usr/lib/libheimntlm.so.11 (0x800c75000)
        libkrb5.so.11 => /usr/lib/libkrb5.so.11 (0x800e7b000)
        libhx509.so.11 => /usr/lib/libhx509.so.11 (0x8010f3000)
        libcom_err.so.5 => /usr/lib/libcom_err.so.5 (0x80133d000)
        libcrypto.so.7 => /lib/libcrypto.so.7 (0x80153f000)
        libasn1.so.11 => /usr/lib/libasn1.so.11 (0x801934000)
        libwind.so.11 => /usr/lib/libwind.so.11 (0x801bd1000)
        libheimbase.so.11 => /usr/lib/libheimbase.so.11 (0x801df9000)
        libroken.so.11 => /usr/lib/libroken.so.11 (0x801ffd000)
        libcrypt.so.5 => /lib/libcrypt.so.5 (0x80220f000)
        libm.so.5 => /lib/libm.so.5 (0x80242f000)
        libc++.so.1 => /usr/lib/libc++.so.1 (0x802657000)
        libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x802917000)
        libthr.so.3 => /lib/libthr.so.3 (0x802b32000)
        libc.so.7 => /lib/libc.so.7 (0x802d57000)
        libheimipcc.so.11 => /usr/lib/private/libheimipcc.so.11 (0x8030e9000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x8032eb000)

# file /usr/lib/libgssapi.so.10
/usr/lib/libgssapi.so.10: ELF 64-bit LSB shared object, x86-64, version 1 (FreeBSD), dynamically linked, stripped
Actions
Copy link
 #4

Updated by Kill Bill almost 9 years ago

2.2.x packages are not maintained, please close.

Actions
Copy link
 #5

Updated by Renato Botelho almost 9 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF