On Tue, 2005-08-02 at 18:18 -0300, Carlos Zottmann wrote: > Hi !! > > We are having some problems with our domain controllers that is > slowing down squid during peak ours, due to ntlm authentication. > > We considered changing the value of Max_Challeng_Reuse from 0 to some > higher value, in order to decrease the load on the domain controllers > coming from squid, but I would like to know what are the possible > consequences, specially regarding performance, before actually > commiting this change. With max_challenge_reuse set to anything but 0, squid will perform a replay attack on the NTLM authentication to increase authentication performance. Everything should work more or less fine (if you see failed auths you may want to enable the helper-fail-open config option and helper flag - be warned that doing so is a security compromise). Also be aware that support for that feature is being removed from squid-3. Kinkie
