Re: [squid-users] kerberos auth failing behind a load balancer

From: Brett Lymn <brett.lymn_at_baesystems.com>
Date: Thu, 23 May 2013 15:12:47 +0930

On Wed, May 22, 2013 at 12:46:08PM +0300, Eliezer Croitoru wrote:
> On 2/28/2013 2:57 PM, Sean Boran wrote:
> >Hi,
> >
> >I’ve received (kemp) load balancers to put in front of squids to
> >provide failover.
> >The failover / balancing works fine until I enable Kerberos auth on the
> >squid.
> It seems to me like a basic LB problem since it's working on L7 and not L2.
> Why do you use L7 LB and not L2?
> It's less load, less CPU, etc.
> You can use HAPROXY or even plain Linux for that.
>

One problem with using L2 is that you then lose the ability to log the
client IP address; everything appears to come from the load balancer.
Using L7 you can, at least on some load balancers, insert an
X-FORWARDED-FOR header with the client IP in it so you can log this in
squid using a custom log line.

-- 
Brett Lymn
Received on Thu May 23 2013 - 05:42:59 MDT
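
A squid.conf fragment for the custom log line mentioned in the message above, added here as an example and not taken from the thread. It assumes a Squid build with follow_x_forwarded_for support; the load balancer address 192.0.2.10, the format name "xff" and the log path are placeholders.

```conf
# Added example. 192.0.2.10 is a placeholder for the load balancer's address.
acl lb src 192.0.2.10

# Honour X-Forwarded-For only on connections that come from the load
# balancer. From any other source the header is client-supplied data
# and must not decide which address is logged.
follow_x_forwarded_for allow lb
follow_x_forwarded_for deny all

# Write the address recovered from the header into the %>a log field.
log_uses_indirect_client on

# Custom log line: Squid's native format plus the raw header in quotes,
# so the value the load balancer sent can be audited next to %>a.
logformat xff %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt "%{X-Forwarded-For}>h"

# Placeholder path; point this at the site's existing access log.
access_log daemon:/var/log/squid/access.log xff
```

With the deny rule in place, a request that reaches Squid directly with a forged X-Forwarded-For header is still logged under its real source address, while the forged value shows up only in the quoted field.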
