I would think this is a client problem. After changing the password the
client workstation (e.g. XP) will clear its cache and request new TGS from
AD. If the password change happend on another client it could be that
cached credentials are used and a TGS can't be retrieved from AD. Usually a
lock and unlock of the workstation solves this..
Markus
"Rafal Zawierta" <zawierta_at_gmail.com> wrote in message
news:CAPXtaS86TXG2UJQB+Z+eMq5x-88Jjxk+DrFUPcpQaaZ5_WGCnQ_at_mail.gmail.com...
> Hello,
>
> I've noticed, that in one setup of Squid3 (+kerb auth against AD),
> when user changes his password (at that moment I'm not sure when he
> make that change) he receives such message:
> Sorry, you are not currently allowed to request http://google.com/
> from this cache until you have authenticated yourself.
>
> Where should I look for solution of that issue? In ttl param of
> authentication helper? I haven't tried yet, but probably restarting
> squid after user changes his password solves that problem.
>
> Regars
> Rafal
>
Received on Mon Aug 29 2011 - 22:54:34 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 30 2011 - 12:00:02 MDT