[squid-users] Re: Squid with Kerberos auth

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Wed, 14 Dec 2011 23:02:49 -0000

"Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message
news:a33f8edad2f5caa9757fe142bb456aba_at_treenet.co.nz...
> On Wed, 14 Dec 2011 13:22:38 -0200, Wladner Klimach wrote:
>> Hello,
>>
>> I'm running squid with kerberos authentication. The problem is that
>> it's running too slow. Looks like squid is negotiating with AD every
>> URL it tries to get. Could anyone point me to a way out?
>
> A few things:
>
> * Double-check that you have connection persistence (keep-alive)
> operating on all connections (both client and server).
>
> * Ensure that your squid is as recent as you can use; we have had ongoing
> small fixes to improve persistence across all releases this past year.
>
> * Check that the auth packets are not failing over into NTLM or older
> protocols in apps which are supposed to be on Kerberos.
>
> * Maybe also check that DNS lookups Kerberos depends on for DC location
> are responding fast with reasonable TTL.
>

For Kerberos authentication, DNS would only be required on the client, not the
squid server. If you use squid_kerb_ldap then the squid server does DNS
queries, and nscd or a local caching DNS server should be used to cache DNS
results.

> Amos
>
>

Regards
Markus
Received on Wed Dec 14 2011 - 23:03:14 MST
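
One way to run the check suggested in the thread, that clients are not falling back to NTLM, is to classify the tokens in captured Proxy-Authorization header values. The following is an added example, not code from the thread or from the Squid project; the function names and sample tokens are constructed for illustration, and the detection is a heuristic based on the NTLMSSP signature and the Kerberos mechanism OIDs.

```python
import base64
import binascii
from collections import Counter

NTLMSSP_SIG = b"NTLMSSP\x00"  # every NTLM message starts with this signature
# DER-encoded GSS-API mechanism OIDs
SPNEGO_OID = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
KRB5_OIDS = (
    bytes.fromhex("06092a864886f712010202"),          # 1.2.840.113554.1.2.2
    bytes.fromhex("06092a864882f712010202"),          # 1.2.840.48018.1.2.2 (MS)
)


def classify(header_value):
    """Return 'kerberos', 'ntlm' or 'unknown' for a Proxy-Authorization value."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "unknown"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "unknown"
    # NTLM may arrive raw or wrapped inside a SPNEGO token, so search the body.
    if NTLMSSP_SIG in token:
        return "ntlm"
    # A GSS-API initial token starts with ASN.1 tag 0x60 and names its mechanism.
    if token[:1] == b"\x60" and any(oid in token for oid in KRB5_OIDS):
        return "kerberos"
    return "unknown"


def summarize(header_values):
    """Count token types so NTLM fallback stands out."""
    return Counter(classify(v) for v in header_values)


def _b64(raw):
    return base64.b64encode(raw).decode()


# Constructed sample header values (not real tickets or credentials).
SAMPLES = [
    "Negotiate " + _b64(b"\x60\x82\x01\x00" + SPNEGO_OID + b"\xa0\x30"
                        + KRB5_OIDS[0] + b"\x00" * 16),
    "Negotiate " + _b64(NTLMSSP_SIG + b"\x01\x00\x00\x00" + b"\x00" * 8),
    "NTLM " + _b64(NTLMSSP_SIG + b"\x03\x00\x00\x00" + b"\x00" * 8),
    "Basic " + _b64(b"user:example"),
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Any "ntlm" count for clients that are supposed to use Kerberos points at the fallback described in the thread.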

This archive was generated by hypermail 2.2.0 : Thu Dec 15 2011 - 12:00:03 MST