Hi Wladner,
If you use MIT Kerberos you could try to disable the replay cache
Kerberos can keep a replay cache to detect the reuse of Kerberos tickets
(usually only possible in a 5 minute window) . If squid is under high load
with Negotiate(Kerberos) proxy authentication requests the replay cache
checks can create high CPU load. If the environment does not require high
security the replay cache check can be disabled for MIT based Kerberos
implementations by adding the following to the startup script
KRB5RCACHETYPE=none
export KRB5RCACHETYPE
as described here
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos.
Markus
"Wladner Klimach" <wladner_at_gmail.com> wrote in message
news:CAP3mw_ESUYhzyotUyLOnt91yYkQH0yRmmdgfxWXbmwRTnsFHiw_at_mail.gmail.com...
> Hey people,
>
> i'm runing squid-3.1 with negotiate with squid_kerb_auth program. The
> only problem is that it's generating slowlyness for browsing sites.
> Could anyone point some article of tunning squid with kerberos?
>
> regards,
>
> Wladner
>
Received on Tue Dec 13 2011 - 06:20:37 MST
This archive was generated by hypermail 2.2.0 : Tue Dec 13 2011 - 12:00:03 MST