[squid-users] Squid Samba 4 and ntlm_auth concurrency question
David Webb
d.webb at mdx.ac.uk
Sat Aug 20 13:34:12 UTC 2016
I'm currently using the binary version of squid provided by yum with
RHEL 7.2 (3.3.8) with Samba 4's winbind ntlm_auth to authenticate
against AD which is working fine
auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego
auth_param negotiate children 250 startup=2 idle=1
auth_param negotiate keep_alive off
#
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 250 startup=2 idle=1
auth_param ntlm keep_alive off
#
However I'm wondering if I can reduce the number of ntlm_auth processes
created by introducing some concurrency.
I've seen mention of helper-mux.pl but from what I've seen on the web
I'm not sure if this will work with negotiate and ntlm.
Also it looks like in the future with Squid 4 helper-mux.pl is being
retired.
I've also seen some mention of Samba 4 building in some concurrency
itself into ntlm_auth but I'm not sure that this is fully supported.
So my question is what is the current state of play for squid 3.x (and
upcoming squid 4) with respect to negotiate and ntlm concurrency with
samba4 ?
--
David Webb (CISSP-ISSAP)
Information Systems Security Architecture Professional
IT Security team leader
CCSS
Middlesex University
---------------------------------------------------------------------------
Please note that all incoming post to Middlesex University is opened and scanned by our digital document handler and then emailed to the recipient. If you do not want your correspondence to processed in this way please email the recipient directly. Parcels, couriered items and recorded delivery items will not be opened or scanned.
More information about the squid-users
mailing list