Search squid archive

Re: Too many TCP_DENIED/407 when using Kerberos authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/10/2013 8:25 a.m., Ron Wheeler wrote:
Yes
Yes
Nothing?


Er. That should be: "yes.  no. upgrade?"

NTLM will only succeed on the *third* attempt. So some 60% of requests get DENIED. Usually on the pattern that two connections are used - the first only gets a DENIED then closed, the second gets DENIED then success.

We are continuously improving Squid and there have been many NTLM fixes since 3.1 series and a few in Kerberos handling as well. So upgrading to the latest stable will possibly improve things a little bit for the problems not yet noticed even though the described behaviour is expected.


I think that the problem comes from the fact that the browser has no idea about what the authentication will be (if any) when it first makes the request. Once the server says "Whoa, Why should I let you in?", the browser knows that it needs to engage in an authentication process.


Exactly so. Good description BTW.

I could be wrong but I am sure that a quick Google will get you a full description of the process.

Ron

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux