diff -Nur squid-3.HEAD-20090910/bootstrap.sh squid-3-krb5/bootstrap.sh
--- squid-3.HEAD-20090910/bootstrap.sh	2009-09-10 01:10:35.000000000 +0100
+++ squid-3-krb5/bootstrap.sh	2009-09-10 11:20:46.000000000 +0100
@@ -141,8 +141,7 @@
 
 for dir in \
 	"" \
-	lib/libTrie \
-	helpers/negotiate_auth/squid_kerb_auth
+	lib/libTrie 
 do
     if [ -z "$dir" ] || [ -d $dir ]; then
 	if (
diff -Nur squid-3.HEAD-20090910/configure.in squid-3-krb5/configure.in
--- squid-3.HEAD-20090910/configure.in	2009-09-10 01:11:33.000000000 +0100
+++ squid-3-krb5/configure.in	2009-09-10 11:22:45.000000000 +0100
@@ -1761,7 +1761,6 @@
     AC_MSG_NOTICE([Negotiate auth helpers built: $NEGOTIATE_AUTH_HELPERS])
 fi
 AC_SUBST(NEGOTIATE_AUTH_HELPERS)
-AC_CONFIG_SUBDIRS(helpers/negotiate_auth/squid_kerb_auth)
 
 dnl Select digest auth scheme helpers to build
 if test -n "$AUTH_MODULE_digest"; then
@@ -1805,7 +1804,9 @@
 fi
 AC_SUBST(DIGEST_AUTH_HELPERS)
 
-dnl Check Kerberos
+dnl
+dnl Check Kerberos/GSSAPI/SPNEGO
+dnl
 SAVED_CPPFLAGS=$CPPFLAGS
 SAVED_LIBS=$LIBS
 AC_ARG_WITH(krb5-config,
@@ -1833,16 +1834,16 @@
     fi
 fi
 if test "$ac_krb5_config" = "yes" ; then
-    ac_heimdal=`$krb5confpath --version 2>/dev/null | grep -i heimdal`
-    ac_solaris=`$krb5confpath --version 2>/dev/null | grep -i solaris`
+    ac_heimdal="`$krb5confpath --version 2>/dev/null | grep -i heimdal`"
+    ac_solaris="`$krb5confpath --version 2>/dev/null | grep -i solaris`"
     if test "x$ac_heimdal" != "x" ; then
         AC_DEFINE(HAVE_HEIMDAL_KERBEROS,1,[Define to 1 if you have Heimdal Kerberos])
     else
         AC_DEFINE(HAVE_MIT_KERBEROS,1,[Define to 1 if you have MIT Kerberos])
     fi
     if test "$ac_solaris" != "" ; then
-        KRB5INCS=`$krb5confpath --cflags krb5 2>/dev/null`
-        KRB5LIBS=`$krb5confpath --libs krb5 2>/dev/null`
+        KRB5INCS="`$krb5confpath --cflags krb5 2>/dev/null`"
+        KRB5LIBS="`$krb5confpath --libs krb5 2>/dev/null`"
         KRB5INCS="-I/usr/include/gssapi $KRB5INCS"
         KRB5LIBS="-L/usr/lib -R/usr/lib -lgss -lresolv -lsocket -lnsl $KRB5LIBS"
     else
@@ -1857,7 +1858,13 @@
     if test "x$ac_heimdal" == "x" ; then
         AC_CHECK_HEADERS(gssapi/gssapi_generic.h)
     fi
-    AC_CHECK_HEADERS(krb5.h com_err.h)
+    AC_CHECK_HEADERS(krb5.h com_err.h et/com_err.h)
+    ac_com_error_message=no
+    if test "x$ac_cv_header_com_err_h" == "xyes" ; then
+        AC_EGREP_HEADER(error_message,com_err.h,ac_com_error_message=yes)
+    elif test "x$ac_cv_header_et_com_err_h" == "xyes" ; then
+        AC_EGREP_HEADER(error_message,et/com_err.h,ac_com_error_message=yes)
+    fi
     AC_MSG_CHECKING([for max_skew in struct krb5_context])
 AC_TRY_COMPILE([
 #include <krb5.h>
@@ -1871,6 +1878,14 @@
     if test "x$ac_heimdal" == "x" ; then
         AC_CHECK_HEADERS(profile.h)
     fi
+    if test `echo $KRB5LIBS | grep -c com_err` -ne 0 -a "x$ac_com_error_message" == "xyes" ; then
+        AC_CHECK_LIB(com_err,error_message,
+            AC_DEFINE(HAVE_ERROR_MESSAGE,1,[Define to 1 if you have error_message]),)
+    fi
+    AC_CHECK_LIB(krb5,krb5_get_err_text,
+        AC_DEFINE(HAVE_KRB5_GET_ERR_TEXT,1,[Define to 1 if you have krb5_get_err_text]),)
+    AC_CHECK_LIB(krb5,krb5_get_error_message,
+        AC_DEFINE(HAVE_KRB5_GET_ERROR_MESSAGE,1,[Define to 1 if you have krb5_get_error_message]),)
     AC_CHECK_LIB(krb5,krb5_kt_free_entry,
         AC_DEFINE(HAVE_KRB5_KT_FREE_ENTRY,1,[Define to 1 if you have krb5_kt_free_entry]),)
     AC_CHECK_LIB(krb5,krb5_get_init_creds_keytab,
@@ -4106,6 +4121,7 @@
 	helpers/ntlm_auth/mswin_sspi/Makefile \
 	helpers/negotiate_auth/Makefile \
 	helpers/negotiate_auth/mswin_sspi/Makefile \
+	helpers/negotiate_auth/squid_kerb_auth/Makefile \
 	helpers/external_acl/Makefile \
 	helpers/external_acl/ip_user/Makefile \
 	helpers/external_acl/ldap_group/Makefile \
diff -Nur squid-3.HEAD-20090910/src/peer_proxy_negotiate_auth.cc squid-3-krb5/src/peer_proxy_negotiate_auth.cc
--- squid-3.HEAD-20090910/src/peer_proxy_negotiate_auth.cc	2009-09-10 01:10:55.000000000 +0100
+++ squid-3-krb5/src/peer_proxy_negotiate_auth.cc	2009-09-10 11:20:46.000000000 +0100
@@ -41,7 +41,9 @@
 #endif				/* HAVE_KRB5_H */
 #if HAVE_COM_ERR_H
 #include <com_err.h>
-#endif				/* HAVE_COM_ERR_H */
+#elif HAVE_ET_COM_ERR_H
+#include <et/com_err.h>
+#endif                          /* HAVE_COM_ERR_H */
 
 #if HAVE_GSSAPI_GSSAPI_H
 #include <gssapi/gssapi.h>
@@ -62,8 +64,17 @@
 #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
 #endif
 
-#if HAVE_HEIMDAL_KERBEROS
+#if !HAVE_ERROR_MESSAGE && HAVE_KRB5_GET_ERR_TEXT
 #define error_message(code) krb5_get_err_text(kparam.context,code)
+#elif  !HAVE_ERROR_MESSAGE && HAVE_KRB5_GET_ERROR_MESSAGE
+#define error_message(code) krb5_get_error_message(kparam.context,code)
+#elif !HAVE_ERROR_MESSAGE
+static char err_code[17];
+    const char *KRB5_CALLCONV error_message(long code)
+    {
+       snprintf(err_code,16,"%ld",code);
+       return err_code;
+    }
 #endif
 
 #ifndef gss_mech_spnego