Index: helpers/external_acl/kerberos_ldap_group/support_krb5.cc =================================================================== --- helpers/external_acl/kerberos_ldap_group/support_krb5.cc.orig +++ helpers/external_acl/kerberos_ldap_group/support_krb5.cc @@ -81,7 +81,7 @@ k5_error(const char* msg, krb5_error_cod * create Kerberos memory cache */ int -krb5_create_cache(char *domain) +krb5_create_cache(struct main_args *margs, char *domain) { krb5_keytab keytab = 0; @@ -178,8 +178,17 @@ krb5_create_cache(char *domain) if (code) { k5_error("Error while unparsing principal name",code); } else { - debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); - found = 1; + if (margs->brokenad == 1) { + if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){ + debug((char *) "%s| %s: DEBUG: Found principal without 'HTTP/' service name: %s NOT USING IT\n", LogTime(), PROGRAM, principal_name); + } else { + debug((char *) "%s| %s: DEBUG: Found principal with 'HTTP/' service name: %s\n", LogTime(), PROGRAM, principal_name); + found = 1; + } + } else { + debug((char *) "%s| %s: DEBUG: Found principal name: %s\n", LogTime(), PROGRAM, principal_name); + found = 1; + } } } #if USE_HEIMDAL_KRB5 || ( HAVE_KRB5_KT_FREE_ENTRY && HAVE_DECL_KRB5_KT_FREE_ENTRY ) Index: helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc =================================================================== --- helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc.orig +++ helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc @@ -61,6 +61,7 @@ init_args(struct main_args *margs) margs->rc_allow = 0; margs->AD = 0; margs->mdepth = 5; + margs->brokenad = 0; margs->ddomain = NULL; margs->groups = NULL; margs->ndoms = NULL; 
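Review bot: The header comment above the changed signature still reads only ` * create Kerberos memory cache` and says nothing about the new `margs` parameter, which the later hunk of this file dereferences unconditionally (`margs->brokenad`), so passing NULL would crash. The only visible caller, get_memberof in support_ldap.cc, hands over its own `margs`, but the precondition should be stated rather than implied. I would extend the comment to ` * create Kerberos memory cache from a keytab entry; margs must be non-NULL and, when margs->brokenad is set, only HTTP/ keytab principals are considered`. The body of krb5_create_cache continues outside this hunk.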
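Review bot: `if (!strncmp(principal_name,"HTTP/",strlen("HTTP/"))==0){` only works because `!` binds tighter than `==`: it evaluates as `(!strncmp(...)) == 0`, i.e. `strncmp(...) != 0`, so the "NOT USING IT" branch is taken for principals that do not start with `HTTP/` and the code agrees with its log text by accident; GCC's -Wlogical-not-parentheses warns on exactly this shape. Spell the intent out as `if (strncmp(principal_name, "HTTP/", strlen("HTTP/")) != 0) {`. The comparison is case-sensitive and prefix-only, so with `-x` a keytab whose service principals are written `http/` leaves `found` at 0; what the function does in that case is decided after the loop, outside this hunk, and is worth a comment here. The two `debug(...); found = 1;` pairs could also be folded by computing the accept decision once and branching on it.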
@@ -179,7 +180,7 @@ main(int argc, char *const argv[]) init_args(&margs); - while (-1 != (opt = getopt(argc, argv, "diasg:D:N:S:u:U:t:T:p:l:b:m:h"))) { + while (-1 != (opt = getopt(argc, argv, "diasxg:D:N:S:u:U:t:T:p:l:b:m:h"))) { switch (opt) { case 'd': debug_enabled = 1; @@ -231,6 +232,9 @@ main(int argc, char *const argv[]) case 'S': margs.llist = xstrdup(optarg); break; + case 'x': + margs.brokenad = 1; + break; case 'h': fprintf(stderr, "Usage: \n"); fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list [-D domain] [-N netbios domain map] [-s] [-u ldap user] [-p ldap user password] [-l ldap url] [-b ldap bind path] [-a] [-m max depth] [-h]\n"); @@ -247,6 +251,7 @@ main(int argc, char *const argv[]) fprintf(stderr, "-l ldap url\n"); fprintf(stderr, "-b ldap bind path\n"); fprintf(stderr, "-s use SSL encryption with Kerberos authentication\n"); + fprintf(stderr, "-x force use of HTTP/ principal on ms ad 2008\n"); fprintf(stderr, "-a allow SSL without cert verification\n"); fprintf(stderr, "-m maximal depth for recursive searches\n"); fprintf(stderr, "-h help\n"); Index: helpers/external_acl/kerberos_ldap_group/support.h =================================================================== --- helpers/external_acl/kerberos_ldap_group/support.h.orig +++ helpers/external_acl/kerberos_ldap_group/support.h @@ -101,6 +101,7 @@ struct main_args { int rc_allow; int AD; int mdepth; + int brokenad; char *ddomain; struct gdstruct *groups; struct ndstruct *ndoms; @@ -160,7 +161,7 @@ int create_nd(struct main_args *margs); int create_ls(struct main_args *margs); #ifdef HAVE_KRB5 -int krb5_create_cache(char *domain); +int krb5_create_cache(struct main_args *margs, char *domain); void krb5_cleanup(void); #endif Index: helpers/external_acl/kerberos_ldap_group/support_ldap.cc =================================================================== --- helpers/external_acl/kerberos_ldap_group/support_ldap.cc.orig +++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc 
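Review bot: The new `case 'x':` is added but the usage synopsis printed just below it, `fprintf(stderr, "squid_kerb_ldap [-d] [-i] -g group list ... [-m max depth] [-h]\n");`, is left unchanged and still omits `-x`, so `-h` advertises the option only in the per-flag list added in the next hunk. Add `[-x]` to that synopsis, e.g. after `[-a]`: `... [-a] [-x] [-m max depth] [-h]\n`. The per-flag text `-x force use of HTTP/ principal on ms ad 2008` could also say what is filtered (keytab entries), since the check in support_krb5.cc is a plain prefix match and not specific to that AD version.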
@@ -888,7 +888,7 @@ get_memberof(struct main_args *margs, ch debug((char *) "%s| %s: DEBUG: Setup Kerberos credential cache\n", LogTime(), PROGRAM); #if HAVE_KRB5 - kc = krb5_create_cache(domain); + kc = krb5_create_cache(margs,domain); if (kc) { error((char *) "%s| %s: ERROR: Error during setup of Kerberos credential cache\n", LogTime(), PROGRAM); }