[squid-users] ext_kerberos_ldap_group_acl and Kerberos cache

Eugene M. Zheganin emz at norma.perm.ru
Wed May 18 18:11:01 UTC 2016


On 18.05.2016 16:29, Amos Jeffries wrote:
> I don't know what you mean by "the main tree". But The feature you
> describe does not qualify for adding to the 3.5 production release
> series. The only features added to a series after is goes to "stable"
> production releases are ones which resolve non-feature bugs or can be
> done without affecting existing installations.
Well, you can treat kerberos cache in the kerberos group ACL helper as 
both. It doesn't affect current installations in any way: neither it 
doesn't change the configuration syntax, nor adds new caveats. In the 
same way it can be considered as a bugfix: as far as I know it was 
supposed to exist in the helper from the start, but was misimplemented. 
All it adds is the cache: it caches the credentials up to their TTL, 
which is defined by the ticket (not by squid, not by helper).
> By changing the helper behaviour in all cases this clearly affects
> existing installations. So only qualifies for including into the next
> series, which is Squid-4.
It doesn't change helper behaviour, it fixes it.


More information about the squid-users mailing list