I've seen a race condition here. The NCSA helper only reopens the file when
it sees the modification time change. If the overwrite procedure doesn't create
a temp file and move the full new file over the old one, squid might pick up
on a partially-uploaded file and not bother to re-read the file until its
modification time changes again.
I solved it by an scp followed by a rename.
See if that fixes it for you.
Adrian
On Wed, Sep 05, 2007, DiGeronimo,Sergio (IT Solutions CA) wrote:
> I've been having an intermittent problem with user authentication over the
> last couple of months. For reasons I've yet to understand, users will all
> of a sudden not be able to authenticate (we're using ncsa_auth) to Squid
> despite providing valid credentials (confirmed with debug_options ALL,1
> 29,9) ; Squid will repeatedly prompt the user for authentication and
> ultimate deny access due to authentication failure.
>
> Basically, we have users directed to one of two proxy's (Solaris 8,
> Squid-2.5.STABLE10) via a proxy auto configuration file. We ftp out a
> password file (about 75K) to both proxy's which overwrites the active
> password file used by Squid.
>
> The problem appears to occur against each proxy simultaneously and so we had
> suspected a problem with the fact that we're overwriting the active password
> file (although we confirmed it is being ftp'ed out intact)but we've not been
> able to establish any correlation. Also, tried increasing auth_param basic
> children but to no avail.
>
> Ultimately, the symptoms 'go away' after a few minutes or alternatively
> we're able to stabilize things by bouncing squid issuing a 'squid -k
> reconfigure' ; interestingly after doing this we observe several 'Clearing
> cache ACL results for user: <username>' entries in cache.log where
> <username> matches the account name of a user actively experiencing the
> problem.
>
> Would appreciate any insights? Thank-you.
>
>
> Regards,
>
> Sergio Di Geronimo
> SIEMENS
> Siemens IT Solutions and Services
-- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level bandwidth-capped VPSes available in WA -Received on Wed Sep 05 2007 - 21:03:16 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT