Package: squid
Version: 4.0.23-1~exp8
Severity: normal

Dear Maintainer,

I don't know if it is a bug, at least it is 'unexpected behaviour'.
I'm playing with squid 4.0.23-1~exp8 from experimental and trying to
authenticate with kerberos.
It seems that /etc/default/squid is not correctly processed.

Following various howtos, I created /etc/default/squid with:
KRB5_KTNAME=/etc/squid/PROXY.keytab
export KRB5_KTNAME

At first it worked as expected, but a couple of hours (and a squid
reload/restart) later,
I see errors about using the default keytab (and not the one specified in
/etc/default/squid).

negotiate_kerberos_auth.cc(546): pid=21176 :2018/04/19 00:08:35|
negotiate_kerberos_auth: INFO: Setting keytab to /etc/squid/PROXY.keytab
negotiate_kerberos_auth.cc(570): pid=21176 :2018/04/19 00:08:35|
negotiate_kerberos_auth: INFO: Changed keytab to
MEMORY:negotiate_kerberos_auth_21176
...
negotiate_kerberos_auth.cc(546): pid=18468 :2018/04/19 04:31:47|
negotiate_kerberos_auth: INFO: Setting keytab to FILE:/etc/krb5.keytab
negotiate_kerberos_auth.cc(75): pid=18468 :2018/04/19 04:31:47|
negotiate_kerberos_auth: ERROR: krb5_read_keytab failed: Permission denied
2018/04/19 04:31:47| negotiate_kerberos_auth: ERROR: krb5_read_keytab:
Permission denied
negotiate_kerberos_auth.cc(556): pid=18468 :2018/04/19 04:31:47|
negotiate_kerberos_auth: ERROR: Reading keytab FILE:/etc/krb5.keytab into list
failed

I tried to:
systemctl restart squid,
systemctl reload squid
systemctl stop squid; systemctl start squid

Same with KRB5_KTNAME=FILE:/etc/squid/PROXY.keytab,
but none of this was able to bring back the correct keytab.


Of course a '-k /etc/squid/PROXY.keytab' added to 'negotiate_kerberos_auth' in
squid.conf fixes the situation,
but I would expect squid to respect /etc/default/squid.

Thanks a lot,
Christian



-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages squid depends on:
ii  adduser                  3.115
ii  libc6                    2.24-11+deb9u3
ii  libcap2                  1:2.25-1
ii  libcomerr2               1.43.4-2
ii  libdb5.3                 5.3.28-12+deb9u1
pn  libdbi-perl              <none>
pn  libecap3                 <none>
ii  libexpat1                2.2.0-2+deb9u1
ii  libgcc1                  1:6.3.0-18+deb9u1
ii  libgssapi-krb5-2         1.15-1+deb9u1
ii  libkrb5-3                1.15-1+deb9u1
ii  libldap-2.4-2            2.4.44+dfsg-5+deb9u1
ii  libltdl7                 2.4.6-2
ii  libnetfilter-conntrack3  1.0.6-2
ii  libnettle6               3.3-1+b2
ii  libpam0g                 1.1.8-3.6
ii  libsasl2-2               2.1.27~101-g0780600+dfsg-3
ii  libstdc++6               6.3.0-18+deb9u1
ii  libxml2                  2.9.4+dfsg1-2.2+deb9u2
ii  logrotate                3.11.0-0.1
ii  lsb-base                 9.20161125
ii  netbase                  5.4
pn  squid-common             <none>

Versions of packages squid recommends:
ii  libcap2-bin  1:2.25-1

Versions of packages squid suggests:
pn  resolvconf   <none>
pn  smbclient    <none>
pn  squid-cgi    <none>
pn  squid-purge  <none>
pn  squidclient  <none>
pn  ufw          <none>
pn  winbindd     <none>
