[squid-users] ext_kerberos_ldap_group_acl and Kerberos cache
Eugene M. Zheganin
emz at norma.perm.ru
Wed May 18 18:11:01 UTC 2016
Hi.
On 18.05.2016 16:29, Amos Jeffries wrote:
>
> I don't know what you mean by "the main tree". But The feature you
> describe does not qualify for adding to the 3.5 production release
> series. The only features added to a series after is goes to "stable"
> production releases are ones which resolve non-feature bugs or can be
> done without affecting existing installations.
Well, you can treat kerberos cache in the kerberos group ACL helper as
both. It doesn't affect current installations in any way: neither it
doesn't change the configuration syntax, nor adds new caveats. In the
same way it can be considered as a bugfix: as far as I know it was
supposed to exist in the helper from the start, but was misimplemented.
All it adds is the cache: it caches the credentials up to their TTL,
which is defined by the ticket (not by squid, not by helper).
> By changing the helper behaviour in all cases this clearly affects
> existing installations. So only qualifies for including into the next
> series, which is Squid-4.
It doesn't change helper behaviour, it fixes it.
Eugene.
More information about the squid-users
mailing list