squid3.1, squid_kerb_auth and Negotiate GSSAPI errors


Hi,
   we run a couple of squid caches using the squid_kerb_auth helper to 
do Negotiate GSSAPI authentication and generally it all works rather 
nicely but we will get little bursts of the following error

2012/06/20 14:54:02| authenticateNegotiateHandleReply: Error 
validating user via Negotiate. Error returned 'BH 
gss_accept_sec_context() failed:  A token was invalid. unknown 
mech-code 1859794441 for mech unknown'


Always with that particular mech-code.

Given the number of successful hits on the cache (couple of million a 
day) I'm struggling to identify what's causing these errors and how to 
rectify them, so suggestions are welcome.

As well as wanting to identify the root cause, this problem has the 
effect that every time squid_kerb_auth deals with one of these 
requests the Kerberos libraries (Heimdal 1.5pre1 from NetBSD 5.99.59) 
keep a file descriptor open to the keytab file (actually two), so 
eventually squid_kerb_auth hits the max file descriptors per 
process limit and other things start to fail (if it hasn't been 
restarted before then).


cheers
mark
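
One way to triage these bursts, as an added example that is not part of the original post: it assumes the "unknown mech-code" is a com_err-style minor status (error-table base plus offset), decodes the table name from the number, and groups matching cache.log lines by code. The function names are hypothetical and the sample lines are constructed from the error quoted above, joined onto one line.

```python
import re

# com_err packs an error-table name into the top 24 bits, 6 bits per character.
ET_CHARS = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789_")

# The Negotiate failure as it appears on a single cache.log line.
NEG_ERR = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\|.*"
    r"gss_accept_sec_context\(\) failed:\s*(?P<major>.*?)\s*"
    r"unknown mech-code (?P<minor>-?\d+) for mech")

def decode_com_err(code):
    """Split a com_err code into (error-table name, offset in that table)."""
    code &= 0xFFFFFFFF              # codes are often printed as signed 32-bit
    base, offset = code >> 8, code & 0xFF
    name = ""
    for shift in (18, 12, 6, 0):    # four 6-bit groups, most significant first
        idx = (base >> shift) & 0x3F
        if idx:                     # 0 means "no character in this slot"
            name += ET_CHARS[idx - 1]
    return name, offset

def summarise(lines):
    """Return {(table, offset, major_text): [timestamps]} for the failures."""
    out = {}
    for line in lines:
        m = NEG_ERR.search(line)
        if not m:
            continue                # unrelated cache.log line
        table, offset = decode_com_err(int(m.group("minor")))
        out.setdefault((table, offset, m.group("major")), []).append(m.group("ts"))
    return out

# Constructed sample input (the quoted error, un-wrapped, plus one unrelated line).
_ERR = ("| authenticateNegotiateHandleReply: Error validating user via "
        "Negotiate. Error returned 'BH gss_accept_sec_context() failed:  "
        "A token was invalid. unknown mech-code 1859794441 for mech unknown'")
SAMPLE = ["2012/06/20 14:54:02" + _ERR,
          "2012/06/20 14:54:03" + _ERR,
          "2012/06/20 14:54:05| unrelated constructed line"]

if __name__ == "__main__":
    for (table, offset, major), stamps in summarise(SAMPLE).items():
        print(f"{len(stamps)}x table={table} offset={offset} major={major!r} "
              f"first={stamps[0]} last={stamps[-1]}")
```

For 1859794441 this gives table `asn1`, offset 9; what offset 9 means is read from the asn1 error table of the Kerberos library in use.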

