[squid-users] Re: Kerberos auth - Low performence

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Tue, 13 Dec 2011 06:18:54 -0000

Hi Wladner,

 If you use MIT Kerberos you could try to disable the replay cache

Kerberos can keep a replay cache to detect the reuse of Kerberos tickets
(usually only possible in a 5 minute window) . If squid is under high load
with Negotiate(Kerberos) proxy authentication requests the replay cache
checks can create high CPU load. If the environment does not require high
security the replay cache check can be disabled for MIT based Kerberos
implementations by adding the following to the startup script


as described here


"Wladner Klimach" <wladner_at_gmail.com> wrote in message
> Hey people,
> i'm runing squid-3.1 with negotiate with squid_kerb_auth program. The
> only problem is that it's generating slowlyness for browsing sites.
> Could anyone point some article of tunning squid with kerberos?
> regards,
> Wladner
Received on Tue Dec 13 2011 - 06:20:37 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 13 2011 - 12:00:03 MST