lör 2010-03-27 klockan 18:42 +0100 skrev Khaled Blah: > Hi all, > > I'm developing an authentication helper (Negotiate/NTLM) for squid and > I am trying to understand more how squid handles this process > internally. Most of all I'd like to know how and how long squid caches > authentication results. I have looked at the debug logs and they show > that squid seems to do "less caching" for Negotiate/NTLM than it does > for Basic/Digest authentication. Due to the nature of NTLM & Negotate authentication it's the helper performing the Negotiate/NTLM handshake, and because of this there is no cache in Squid for these schemes as there is nothing to use as cache key. basic & digest auth is handled internally by Squid, and enables Squid to cache the credentials validity. In theory we could implement NTLM in similar manner, but it would then not be possible to integrate with Windows domain controllers / active directory. Don't know enough of Kerberos to tell what possibilities there may be to cache in Negotiate auth. > I am wondering whether I can do > something about this so that a once verified user will only get his > credentials re-verified after a certain time and not all during. I am > grateful to any insight the list can give me. Thanks in advance! In 2.7 there is a generic auth cache based on source IP, useful when the clients are single-user workstations. Regards Henrik