Hi I have successfully configured kerberos authentication in squid 3.1.10 using squid_kerb_auth helper and tested it in IE and Chrome on machine joined to a Windows 2008 domain controller. I took a look at squid's access.log and recognized that almost 40% of the requests have failed on the first attempt with TCP_DENIED/407 and succeeded on the second. It seems that the browser does not send the authentication header for every new connection thus fails on 1st attempt. Is this something normal with kerberos? Is this not how ntlm works? What can I do about it? -- Best, Hooman Valibeigi
