Univention Bugzilla – Attachment 10808 Details for
Bug 53648
Squid with kerberos uses wrong keytab in UCS 5.0
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
squid_ldap_ntlm_auth.patch - run negotiate_kerberos_auth with -r to remove REALM from username
squid_ldap_ntlm_auth.patch (text/plain), 1.52 KB, created by
Felix Botner
on 2021-08-24 14:50:11 CEST
(
hide
)
Description:
squid_ldap_ntlm_auth.patch - run negotiate_kerberos_auth with -r to remove REALM from username
Filename:
MIME Type:
Creator:
Felix Botner
Created:
2021-08-24 14:50:11 CEST
Size:
1.52 KB
patch
obsolete
>diff --git a/services/univention-squid/squid_ldap_ntlm_auth b/services/univention-squid/squid_ldap_ntlm_auth >index c5f3299a6a..e6a5fa2fb3 100755 >--- a/services/univention-squid/squid_ldap_ntlm_auth >+++ b/services/univention-squid/squid_ldap_ntlm_auth >@@ -660,9 +660,10 @@ if __name__ == '__main__': > # open pipe to squid_kerb_auth for kerberos stuff > kerbPipe = None > if options.gssSpnego: >- kerbPipe = subprocess.Popen([ >- '/usr/lib/squid/negotiate_kerberos_auth', '-k', '/var/lib/samba/private/http-proxy-%(hostname)s.keytab' % cr >- ], stdin=subprocess.PIPE, stdout=subprocess.PIPE) >+ cmd = ['/usr/lib/squid/negotiate_kerberos_auth', '-k', '/var/lib/samba/private/http-proxy-%(hostname)s.keytab' % cr ] >+ if options.gssSpnegoStripRealm: >+ cmd.append('-r') >+ kerbPipe = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE) > > while True: > >@@ -701,15 +702,7 @@ if __name__ == '__main__': > kerbPipe.stdin.flush() > answer = kerbPipe.stdout.readline() > if options.debug: >- debug("real answer %s" % answer) >- # remove realm from login >- if options.gssSpnegoStripRealm: >- tmp = answer.split() >- if len(tmp) > 2 and tmp[0] == "AF": >- login = tmp[2].split("@", 1)[0] >- answer = "%s %s %s" % (tmp[0], tmp[1], login) >- if options.debug: >- debug("fixed answer %s" % answer) >+ debug("answer %s" % answer) > # this whole stuff could also be done by > # python kerberos > # result, context = kerberos.authGSSServerInit('HTTP')
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10808">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 53648
: 10808