On Sun, 19 Sep 2010 12:37:38 -0700, "David Parks" <davidparks21@xxxxxxxxx> wrote:
> I've simplified things as far as I can think to and still get what appear
> to be random TCP_DENIED/407 errors after I've been authenticated.
>
> Using Squid 2.7 STABLE 9, I'm now just using the digest_pw_auth
> authenticator with a single user pw file of test:test.
>
> If I turn off authentication there's no problem. But with authentication on
> I can't get much further than a page or two of sites like Yahoo.com or
> LATimes.com (sites with many resources) before I get a 407.
>
> I've run some wireshark captures and could post the http header
> request/responses if that helps any. I don't know the digest authentication
> protocol well enough to follow all the nonce transitions and all of that to
> see if it's a problem.
>
> Here is my squid.conf in hopes that someone might have some ideas on
> direction I could take in debugging this.
>
> Is there any way to get more info from Squid about why it's throwing 407's?

debug_options 29,6

Squid has a few strange things going on with ref-counting of the
credentials. Particularly relevant would be race conditions erasing the past
credentials if a new validation re-check fails.

NP: 3.2 has had an overhaul in the credentials management to remove such
bugs. But the digest side has not yet had strong testing. If you are able to
help out with the testing and fixing any found issues there it may prove
more reliable.

Amos
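
A triage helper for the symptom discussed in this thread, added here as an example and not part of either message or of Squid itself: it scans access.log text for TCP_DENIED/407 entries from a client that had already made an authenticated request, giving timestamps to look up in cache.log once debug_options 29,6 is set. It assumes Squid's native access.log layout with the authenticated user name in the eighth field; the log lines are constructed.

```python
import re

# Constructed sample in the assumed native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1284925058.101     12 192.0.2.10 TCP_DENIED/407 1720 GET http://www.example.com/ - NONE/- text/html
1284925058.350    210 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/ test DIRECT/198.51.100.5 text/html
1284925059.100     95 192.0.2.10 TCP_MISS/200 812 GET http://www.example.com/a.css test DIRECT/198.51.100.5 text/css
1284925059.420      3 192.0.2.10 TCP_DENIED/407 1720 GET http://www.example.com/b.js - NONE/- text/html
1284925060.000      4 192.0.2.20 TCP_DENIED/407 1720 GET http://www.example.com/ - NONE/- text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s"
)

def find_post_auth_denials(log_text):
    """Return 407 entries from clients that had already authenticated.

    The first 407 from a client is the normal challenge and is ignored;
    only a 407 seen after a request logged with a user name is reported.
    """
    last_auth = {}  # client address -> (timestamp, user) of last authenticated hit
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed layout
        ts, client = float(m["ts"]), m["client"]
        if m["status"] == "407":
            if client in last_auth:
                auth_ts, user = last_auth[client]
                hits.append({
                    "ts": ts,
                    "client": client,
                    "url": m["url"],
                    "last_user": user,
                    "secs_since_auth": round(ts - auth_ts, 3),
                })
        elif m["user"] != "-":
            last_auth[client] = (ts, m["user"])
    return hits

if __name__ == "__main__":
    for hit in find_post_auth_denials(SAMPLE_LOG):
        print(hit)
```

A reported entry is only a pointer: a 407 after authentication can also be an ordinary re-challenge, so the matching cache.log lines decide which it was.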