Re: [squid-users] squid_ldap_auth - authentication only after 3 try

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 04 Apr 2013 19:06:27 +1300

On 4/04/2013 7:35 a.m., Pavel Bychykhin wrote:
> According to the documentation, setting keep_alive to "off" makes
> Squid more stable in some circumstances.
> I'm using "off" for keep_alive - no problems.
>
> 03.04.2013 20:58, Alípio Luiz пишет:
>> I did a test setting the parameter keep_alive to off in auth_param
>> negotiate. It worked...
>> A question: Is there any problem on keeping the keep_alive parameter
>> off?
>>

It is a hack added for IE6 and some other systems which assume HTTP/1.0
non-persistent connections and break badly when persistent connections
fail to do auth handshake on the first try. Making Squid send
Connection:close along with the first NTLM auth challenge response. Once
the connection is authenticated the persistent connection stuff all
works normally.

The only problem with using it is that each NTLM login now requires two
TCP connections causing an increase in TCP sockets cycling through
TIME_WAIT.

PS. I am about to commit a patch that fixes problems Safari was having
with Squid-3.2 that may be related. If you are able to run squid-3.3
with a patch and would like to see if it resolves this issues as well I
can send you a copy.

Amos
Received on Thu Apr 04 2013 - 06:06:36 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 04 2013 - 12:00:04 MDT