[squid-users] squid kerberos auth, acl note group

Klaus Brandl klaus_brandl at genua.de
Mon Oct 19 12:33:38 UTC 2020


> > But i think, we have a caching problem here, i found out, that the
> > group 
> > informations are only updated on a squid reconfigure.
> > 
> > And also the acl note group ... seems to be cached as long as squid
> > is 
> > restarted completely. I removed the configured group from the user,
> > but i could 
> > see this group still maching in the cache.log, also after a
> > reconfigure, when 
> > the auth_helper does not tell about this group any more.
> > 
> 
> The groups are attached to credentials which are attached to the TCP
> connection (TTL only as long as the connection is open) and a token
> replay cache for up to authenticate_ttl directive time (default 1
> hour).
> 
> Setting that TTL to something very short, eg:
> 
>   authenticate_ttl 10 seconds
> 
> ... and disabling connection keep-alive:
> 
>   client_persistent_connections off
> 
> ... should work around the cache for testing. At least on HTTP
> traffic.
> HTTPS traffic goes through the proxy as a single tunnel request - so
> the
> entire HTTPS session is just one request/response pair to Squid.
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

sorry again, but i still have this caching problem with the groups in
the note ACL. I have tested the options you suggested, but it takes no
effekt, the group is still matching until squid is completely
restarted. It looks like the note ACL is always appended only.
Or is there a way, to flush this content?

Regards

Klaus





More information about the squid-users mailing list