Re: [squid-users] auth_param ntlm children vs Site Size

From: Amos Jeffries <>
Date: Mon, 09 Jul 2012 23:28:43 +1200

On 9/07/2012 9:13 p.m., Jason Leschnik wrote:
> Hey all,
> Just curious about what size your user base is compared to how many
> children processes you have for ntlm authentication. We found with
> 1000-1500 users that 30 children was no enough, resulting in cache.log
> queue warnings. So what combination have you found reasonable?

For NTLM the theoretical ideal is about 4 helpers per active user
(ouch!), just because of the extremely inefficient way it works. As you
cut down the ratio of helpers:users from that the user-visible lag
becomes longer. So yes a few dozen heleprs for a thousand users is
nowhere near enough. It's not uncommon to see a few hundred NTLM helpers
in one Squid instance for your user levels.
  Try making that 100 helper children and see what the loading is. The
low numbered helepers will get a lot of requests tailing off to least
load on the 100th helper.

If you have a choice go for Kerberos instead or as first preference over

Received on Mon Jul 09 2012 - 11:28:51 MDT

This archive was generated by hypermail 2.2.0 : Mon Jul 09 2012 - 12:00:01 MDT