Re: [squid-users] Negotiate Keep-Alive

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 12 Feb 2014 10:30:37 +1300

On 2014-02-12 07:14, Allan Carvalho wrote:
> Dear Squid users and developers.
>
> I'm facing a problem with Windows 7, 8 + Mozilla Firefox workstations.
> A brief explanation: these workstations (Windows 7, 8 with Mozilla
> Firefox) don't auth on a Squid server with Kerberos, but everything
> is fine with IE and Chrome.
> A "half-solution" is to set keep_alive off, but I don't know the real
> effect of this solution, and the documentation is not very clear (for
> me). Can you please explain which problems I'll have by disabling this
> function?

The configuration option "auth_param negotiate keep_alive off" makes
Squid close the TCP connection when sending a 407 authentication
challenge for Negotiate authentication. This only happens in response to
the initial client request which has wrong or missing credentials. HTTP
persistent connections and pinning happen normally once credentials are
delivered.

It and the identical setting for NTLM are sometimes necessary to
work around broken client software which does not handle the auth
challenges properly. Usually you only need to set it to "off" when the
client software is trying to use NTLM authentication; possibly your
Firefox could be trying Negotiate/NTLM first rather than
Negotiate/Kerberos.

Amos
Received on Tue Feb 11 2014 - 21:31:11 MST
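
To check the possibility raised in the reply above (a client sending NTLM rather than Kerberos under the Negotiate scheme), the token from a captured Proxy-Authorization header can be classified by its leading bytes and mechanism OIDs. This is an added example, not part of the original message or of Squid; the function names and the sample tokens are constructed for illustration, and the OID search is a heuristic rather than a full ASN.1 parse.

```python
import base64
import struct

# DER-encoded mechanism OIDs (tag 0x06, length, value).
OIDS = {
    "spnego": bytes.fromhex("06062b0601050502"),             # 1.3.6.1.5.5.2
    "kerberos": bytes.fromhex("06092a864886f712010202"),     # 1.2.840.113554.1.2.2
    "ms-kerberos": bytes.fromhex("06092a864882f712010202"),  # 1.2.840.48018.1.2.2
    "ntlm": bytes.fromhex("060a2b06010401823702020a"),       # 1.3.6.1.4.1.311.2.2.10
}
NTLM_SIG = b"NTLMSSP\x00"

def classify_negotiate(header_value):
    """Say which mechanism a 'Negotiate <base64>' header value carries."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "no-negotiate-token"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "invalid-base64"
    if token.startswith(NTLM_SIG):
        return "ntlm"  # raw NTLMSSP message sent under the Negotiate scheme
    if token[:1] != b"\x60":  # GSS-API initial tokens start with [APPLICATION 0]
        return "unknown"
    # Heuristic, not a full ASN.1 parse: the mechanism OID that appears first is
    # the outer mechanism or the preferred entry of the SPNEGO mechTypes list.
    hits = sorted((token.find(oid), name) for name, oid in OIDS.items()
                  if name != "spnego" and oid in token)
    if not hits:
        return "unknown"
    return "ntlm-in-spnego" if hits[0][1] == "ntlm" else "kerberos"

def _tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form DER length (< 128 bytes)

def sample_spnego(mechs):
    """Constructed NegTokenInit (mechTypes only) offering mechs in this order."""
    inner = _tlv(0xA0, _tlv(0x30, _tlv(0xA0, _tlv(0x30, b"".join(OIDS[m] for m in mechs)))))
    token = _tlv(0x60, OIDS["spnego"] + inner)
    return "Negotiate " + base64.b64encode(token).decode()

def sample_raw_ntlm():
    """Constructed NTLMSSP type 1 (negotiate) message with zeroed flags."""
    return "Negotiate " + base64.b64encode(NTLM_SIG + struct.pack("<II", 1, 0)).decode()

if __name__ == "__main__":
    for hdr in (sample_spnego(["ms-kerberos", "kerberos", "ntlm"]),
                sample_spnego(["ntlm"]), sample_raw_ntlm()):
        print(classify_negotiate(hdr), hdr[:32])
```

A result of `ntlm` or `ntlm-in-spnego` for the Firefox request would match the Negotiate/NTLM case described in the reply.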
