[squid-users] Squid, Kerberos and FireFox (Was: Re: leaking memory in squid 3.4.8 and 3.4.7.)

Victor Sudakov sudakov at sibptus.tomsk.ru
Thu Oct 23 05:19:37 UTC 2014



Amos Jeffries wrote:
> > 
> >> And about the basic issues that you were having with performance,
> >> does it help to run Kerberos instead of NTLM (it should...)?
> > 
> > I have even moved squid to a new virtual machine (FreeBSD
> > 9.3-RELEASE under VMWare, 1 GB RAM) and performance still sucks
> > royally.
> > 
> > The Web access is fast in the morning, but I begin getting
> > complaints about "slow Internet" by lunchtime. I myself can visually
> > see the performance degradation while browsing the web, and the
> > growth of the squid memory consumption. I observe about 25-30
> > negotiate_kerberos_auth processes simultaneously.
> > 
> > My config:
> > 
> > auth_param negotiate program /usr/local/libexec/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME
> > auth_param negotiate children 100 startup=5 idle=10
> > auth_param negotiate keep_alive on
> > 
> > If I set "auth_param negotiate keep_alive" to off, should it
> > improve performance?
> 
> You can try it if you like. It is a workaround to MSIE 6.0 NTLM
> implementation bugs, so should not have any effect on Kerberos. But
> may help with older clients using Negotiate/NTLM.

I don't use Negotiate/NTLM so this will make no difference to me, no
use trying.

> I recall you had IDENT protocol acting as a bypass on user login
> earlier. Are you still using that with the new IDENT bug fix patch in
> your Squid-3.4?

I am running squid-3.4.8_2 now and I have disabled IDENT lookups
completely.

May I show you again my "squidclient mgr:mem" right after the start
and several hours later?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

