[squid-users] Squid, Kerberos and FireFox (Was: Re: leaking memory in squid 3.4.8 and 3.4.7.)

Amos Jeffries squid3 at treenet.co.nz
Thu Oct 23 05:03:19 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23/10/2014 5:53 p.m., Victor Sudakov wrote:
> Eliezer Croitoru wrote:
> 
>> And about the basic issues that you were having with performance,
>> does it help to run Kerberos instead of NTLM (it should...)?
> 
> I have even moved squid to a new virtual machine (FreeBSD
> 9.3-RELEASE under VMWare, 1 GB RAM) and performance still sucks
> royally.
> 
> The Web access is fast in the morning, but I begin getting
> complaints about "slow Internet" by lunchtime. I myself can visualy
> see the performance degradation while browsing the web, and the
> growth of the squid memory consumption. I observe about 25-30
> negotiate_kerberos_auth processes simultaneously.
> 
> My config:
> 
> auth_param negotiate program
> /usr/local/libexec/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME 
> auth_param negotiate children 100 startup=5 idle=10 auth_param
> negotiate keep_alive on
> 
> If I set "auth_param negotiate keep_alive" to off, should it
> improve performance?

You can try it if you like. It is a workaround to MSIE 6.0 NTLM
implementation bugs, so should not have any effect on Kerberos. But
may help with older clients using Negotiate/NTLM.

I recall you had IDENT protocol acting as a bypass on user login
earlier. Are you still using that with the new IDENT bug fix patch in
your Squid-3.4?

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUSIwWAAoJELJo5wb/XPRj1S0IALhQF646CI82XVEcNFtUsx8p
9QfzV1PlUgbhvPYbNIR/aLuvnObPgutThRe4hJ9GSgMES78MTShuDK3EmMAgkM/J
UKt/xjvMvBlBkFS3iopfV7vPo/zaX5AHshCpSLw5OaKg2nuC276LgSvNx6JMfln/
LD7o7HvhLXPwBoS5BBWf/y1qsDw8wBF1JyNwhySxkhbVWV8nrP/sb6FY4XClZln4
4UcJmKAIoNiQ2npaZRTguHh0DXVaEnWUumhUN+qBsO0kAQ2pIL4yyxxQuNLcAhgp
TJCc/mRW8mYY2QcsVdTGWjGWe2mfVgyV9TYIFriHqf9cqIDXsqiv9LFWiOidSpI=
=ekNx
-----END PGP SIGNATURE-----


More information about the squid-users mailing list