[squid-users] ext_kerberos_ldap_group_acl and Kerberos cache
Eugene M. Zheganin
emz at norma.perm.ru
Wed May 18 05:57:28 UTC 2016
Hi.
I've just checked that squid 3.5.19 sources, and discovered the
following fact that is really disturbing:
(first some explanation)
Markus Moeller, the author of the external kerberos group helper, has
implemented the Kerberos credentials cache in the
ext_kerberos_ldap_group_acl helper back in the 2014. The idea is to
cache the credentials inside the helper instance, so when it encounters
a request with user id and group that are already in the cache, the
helper can skip the kerberos initialization sequence for this set of
credentials. This cached version is times faster than original one, that
doesn't use the cache.
(now the disturbing fact)
Surprisingly, the cached version didn't make it to the main tree for 2
past years.
Could this situation be corrected please ?
Thanks.
Eugene.
More information about the squid-users
mailing list