[squid-users] Too many TCP_DENIED/407 when using Kerberos authentication

From: Hooman Valibeigi <hooman.v_at_gmail.com>
Date: Mon, 30 Sep 2013 22:28:26 +0330

Hi

I have successfully configured kerberos authentication in squid 3.1.10
using squid_kerb_auth helper and tested it in IE and Chrome on machine
joined to a Windows 2008 domain controller.

I took a look at squid's access.log and recognized that almost 40% of
the requests have failed on the first attempt with TCP_DENIED/407 and
succeeded on the second. It seems that the browser does not send the
authentication header for every new connection thus fails on 1st
attempt.

Is this something normal with kerberos?
Is this not how ntlm works?
What can I do about it?

-- 
Best,
Hooman Valibeigi
Received on Mon Sep 30 2013 - 18:58:32 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 01 2013 - 12:00:04 MDT