Hello, I'm having an issue with squid_kerb_auth. It seems not all proxy requests are getting serviced. When falling back on NTLM the requests come though fine. My guess is subsequent GET requests made over Proxy_KeepAlive sessions are not getting serviced. I confirmed this on a trace using Wireshark where the client requests a page but Squid doesn't come back with an answer. Is this a known issue? I'm currently running squid3-3.1.6 and have seen this behavior both with the include squid_kerb_auth and a seperately compiled binary. squid.conf follows: http_port 8080 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? acl apache rep_header Server ^Apache logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh access_log /var/log/squid/access.log combined auth_param negotiate program /usr/libexec/squid/squid_kerb_auth -d -s HTTP/dc32-wgw01.nix.DOM.LOCAL@xxxxxxxxxxxxxx auth_param negotiate children 30 auth_param negotiate keep_alive on auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm use_ntlm_negotiate on external_acl_type AD_US_TEMPS ttl=3600 negative_ttl=3600 %LOGIN /usr/bin/squid_kerb_ldap -d -g temps@xxxxxxxxxxxx external_acl_type AD_US_ITDEPT ttl=3600 negative_ttl=3600 %LOGIN /usr/bin/squid_kerb_ldap -d -g ITDept@xxxxxxxxxxxx refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl firefox_browser browser Firefox acl UnrestrictedUsers external AD_US_ITDEPT acl TempUsers external AD_US_TEMPS acl AuthorizedUsers proxy_auth REQUIRED acl hq-dmz src 10.50.192.0/24 acl hq-servers src 10.50.64.0/23 10.50.4.0/24 acl hq-services src 10.50.8.0/24 10.50.2.0/24 acl hq-dev src 10.50.66.0/24 acl ie_urls dstdomain "/etc/squid/ie_urls.allow" acl service_urls dstdomain "/etc/squid/service_urls.allow" acl dev_urls dstdomain "/etc/squid/dev_urls.allow" acl hq-servers_urls dstdomain "/etc/squid/servers_urls.allow" acl temp_urls dstdomain "/etc/squid/temp_urls.allow" acl SSL_ports port 443 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow hq-servers hq-servers_urls http_access deny hq-servers http_access allow hq-services service_urls http_access deny hq-services http_access allow hq-dev dev_urls http_access deny hq-dev http_access allow TempUsers temp_urls http_access deny TempUsers all http_access allow UnrestrictedUsers http_access deny UnrestrictedUsers all http_access deny !AuthorizedUsers http_access allow all http_access deny all http_reply_access allow all icp_access allow all cache_mgr support@xxxxxxxxx coredump_dir /var/spool/squid Thanks, M. de Jong