Bug 10707 - ntlm_auth --helper-protocol=gss-spnego does not honour --target-service and --target-hostname
ntlm_auth --helper-protocol=gss-spnego does not honour --target-service and -...
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
All All
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2014-07-11 12:19 UTC by David Woodhouse
Modified: 2014-07-11 15:57 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description David Woodhouse 2014-07-11 12:19:28 UTC
I'm using squid configured thus:

auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego --target-service=rcmd --target-hostname=dwodhou-linux.ger.corp.intel.com

I deliberately put errors in the --target-service and --target-hostname arguments. Surely it should have stopped working? But it seems to accept Kerberos tickets for *any* service that's in the keytab.