[squid-users] growing number of ntlm_auth helpers (was 100% cpu usage with ext auth/Excessive NTLM or Negotiate auth helper annotations)

Rietzler, Markus (RZF, SG 324 / <RIETZLER_SOFTWARE>) markus.rietzler at fv.nrw.de
Mon Apr 13 08:39:15 UTC 2015


hello,

we are using squid version 3.5.3. at the moment we see a growing number of ntlm_auth helpers until they reach the much number configured with


auth_param ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm realm
auth_param ntlm children 192 startup=24 idle=12 concurrency=0
auth_param ntlm keep_alive on
auth_param basic /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic realm Internet-Zugriff
 auth_param basic children 5 startup=2 idle=1 concurrency=0
auth_param basic credentialsttl 7200 seconds
auth_param basic casesensitive off
auth_param basic utf8 off
authenticate_cache_garbage_interval 3600 seconds
authenticate_ttl 3600 seconds
authenticate_ip_ttl 1 seconds



we went to 3.5.1 because this version fixed bug 3997 (100% cpu usage with external auth). but there we saw the growing of ntlm_auth helpers. we then switched to the recent version 3.5.3. no growing number of auth helpers but frequent restarts every 1 or 2 hours with signal 6. so i suppose that the growing of auth helpers still is there but maybe have no effect as squid is restarting before the number gets to high (bug 4190 also is related to auth!)

see related bugs:

http://bugs.squid-cache.org/show_bug.cgi?id=3997
http://bugs.squid-cache.org/show_bug.cgi?id=4190


Mit freundlichen Grüßen

Markus Rietzler
<RIETZLER_SOFTWARE/>
Rechenzentrum der Finanzverwaltung NRW
Roßstr. 131
40476 Düsseldorf

Tel.: 0211 / 4572 - 2130



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150413/26dd4313/attachment.html>


More information about the squid-users mailing list