I've seen a race condition here. The NCSA helper only reopens the file when it sees the modification time change. If the overwrite procedure doesn't create a temp file and move the full new file over the old one, squid might pick up on a partially-uploaded file and not bother to re-read the file until its modification time changes again. I solved it by an scp followed by a rename. See if that fixes it for you. Adrian On Wed, Sep 05, 2007, DiGeronimo,Sergio (IT Solutions CA) wrote: > I've been having an intermittent problem with user authentication over the > last couple of months. For reasons I've yet to understand, users will all > of a sudden not be able to authenticate (we're using ncsa_auth) to Squid > despite providing valid credentials (confirmed with debug_options ALL,1 > 29,9) ; Squid will repeatedly prompt the user for authentication and > ultimate deny access due to authentication failure. > > Basically, we have users directed to one of two proxy's (Solaris 8, > Squid-2.5.STABLE10) via a proxy auto configuration file. We ftp out a > password file (about 75K) to both proxy's which overwrites the active > password file used by Squid. > > The problem appears to occur against each proxy simultaneously and so we had > suspected a problem with the fact that we're overwriting the active password > file (although we confirmed it is being ftp'ed out intact)but we've not been > able to establish any correlation. Also, tried increasing auth_param basic > children but to no avail. > > Ultimately, the symptoms 'go away' after a few minutes or alternatively > we're able to stabilize things by bouncing squid issuing a 'squid -k > reconfigure' ; interestingly after doing this we observe several 'Clearing > cache ACL results for user: <username>' entries in cache.log where > <username> matches the account name of a user actively experiencing the > problem. > > Would appreciate any insights? Thank-you. > > > Regards, > > Sergio Di Geronimo > SIEMENS > Siemens IT Solutions and Services -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level bandwidth-capped VPSes available in WA -
