"Amos Jeffries" <squid3@xxxxxxxxxxxxx> wrote in message
news:a33f8edad2f5caa9757fe142bb456aba@xxxxxxxxxxxxx...
On Wed, 14 Dec 2011 13:22:38 -0200, Wladner Klimach wrote:
Hello,
i'm running squid with kerberos authentication. The problem is that
it's runing too slow. Looks like squid is negotiating with AD every
URL it tries to get. Anyone could point me a way out?
A few things:
* Double-check that you have connection persistence (keep-alive)
operating on all connections (both client and server).
* Ensure that your squid is as recent as you can use, we have had ongoing
small fixes to improve persistence across all releases this past year.
* Check that the auth packets are not failing over into NTLM or older
protocols in apps which are supposed to be on Kerberos.
* Maybe also check that DNS lookups Kerberos depends on for DC location
are responding fast with reasonable TTL.
For Kerberos authentication DNS would only be required on the client not the
squid server. If you use squid_kerb_ldap then the squid server does DNS
queries and nscd or a local caching DNS server should be used to cache DNS
results.
Amos
Regards
Markus
