Re: [squid-users] Squid with Kerberos auth

From: Amos Jeffries <>
Date: Thu, 15 Dec 2011 10:50:36 +1300

 On Wed, 14 Dec 2011 13:22:38 -0200, Wladner Klimach wrote:
> Hello,
> i'm running squid with kerberos authentication. The problem is that
> it's runing too slow. Looks like squid is negotiating with AD every
> URL it tries to get. Anyone could point me a way out?

 A few things:

  * Double-check that you have connection persistence (keep-alive)
 operating on all connections (both client and server).

  * Ensure that your squid is as recent as you can use, we have had
 ongoing small fixes to improve persistence across all releases this past

  * Check that the auth packets are not failing over into NTLM or older
 protocols in apps which are supposed to be on Kerberos.

  * Maybe also check that DNS lookups Kerberos depends on for DC
 location are responding fast with reasonable TTL.

Received on Wed Dec 14 2011 - 22:50:39 MST

This archive was generated by hypermail 2.2.0 : Mon Dec 19 2011 - 12:00:03 MST