Hello,
I'm using squid_kerb_ldap (via external_acl_type) to authenticate via kerberos and authorize access via ldap groups.
This seems to work. Partly anyway. My problem is:
Most of the traffic is authorized as shown in the access.log file which shows GETs and CONNECTs using the respective kerberos id (user_at_DOMAIN) but some GETs and CONNECTs lack that kerberos id (-) and consequently fail (TCP_DENIED).
I tested if an earlier ACL might prevent those transfers from being allowed by inserting an ACL right before the external_acl_type to allow all transfers from the host I was using. This didn't show any TCP_DENIEDs.
I also wondered if the browser could be at fault (not requesting each GET with the respective kerberos id) so I changed from Firefox to Chromium. The behaviour was identical.
Can anyone think of a reason for this behaviour or another way to debug for the cause?
Received on Wed Feb 15 2012 - 14:12:58 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 17 2012 - 12:00:03 MST