[squid-users] Using AD groups from negotiate_kerberos_auth in ssl-bumped connections.

Amos Jeffries squid3 at treenet.co.nz
Wed Mar 25 03:39:24 UTC 2026


On 25/03/2026 04:02, Alex Rousskov wrote:
> On 2026-03-24 09:33, Amos Jeffries wrote:
> 
>> Every clt_conn_tag should be added to the client<->Squid TCP 
>> connection, after which every transaction on that connection should be 
>> able to see them.
> 
> The above assertion is false. Squid does not (or should not) work that 
> way since Bug 4912 fix (i.e. 2019 commit d665de37) replaced an "always 
> add" with an "always overwrite" design for most[^1] annotations, 
> including clt_conn_tag:

Doh, forgot about that. Thanks Alex.

Johnathan: the helper should use the comma-separated syntax Squid 
outputs in the log.

HTH
Amos


