On Sun, 19 Sep 2010 12:37:38 -0700, "David Parks" <davidparks21_at_yahoo.com>
wrote:
> I've simplified things as far as I can think to and still get what
appear
> to
> be random TCP_DENIED/407 errors after I've been authenticated.
>
> Using Squid 2.7 STABLE 9, I'm now just using the digest_pw_auth
> authenticator with a single user pw file of test:test.
>
> If I turn off authentication there's no problem. But with authentication
on
> I can't get much further than a page or two of sites like Yahoo.com or
> LATimes.com (sites with many resources) before I get a 407.
>
> I've run some wireshark captures and could post the http header
> request/responses if that helps any. I don't know the digest
authentication
> protocol well enough to follow all the nonce transitions and all of that
to
> see if it's a problem.
>
> Here is my squid.conf in hopes that someone might have some ideas on
> direction I could take in debugging this.
>
> Is there any way to get more info from Squid about why it's throwing
407's?
debug_options 29,6
Squid has a few strange things going on with ref-counting of the
credentials. Particularly relevant would be race conditions erasing the
past credentials if a new validation re-check fails.
NP: 3.2 has had an overhaul in the credentials management to remove such
bugs. But the digest side has not yet had strong testing. If you are able
to help out with the testing and fixing any found issues there it may prove
more reliable.
Amos
Received on Sun Sep 19 2010 - 23:32:47 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 21 2010 - 12:00:03 MDT