On 2014-02-12 07:14, Allan Carvalho wrote:
Dears Squid users and developers. I'm facing a problem with Windows 7,8 + Mozilla Firefox workstations. A brief explanation: these workstations (Windows 7, 8 with Mozilla Firefox) don't auth on a squid server with kerberos, but, everything is fine with IE and Chrome. A "half-solution" is set keep_alive off, but, i don't know the real effect of this solution, and, the documentation is not very clear (for me), can you please explain which problems i'll be disabling this function?
The configuration option "auth_param negoitiate keep_alive off" makes Squid close the TCP connection when sending a 407 authentication challenge for Negotiate authentication. This only happens in response to the initial client request which has wrong or missing credentials. HTTP persistent connections and pinning happens normally once credentials are delivered. It and the identical setting for NTLM are sometimes necessary to workaround broken client software which does not handle the auth challenges properly. Usually you only need to set it to "off" when the client software is trying to use NTLM authentication, possibly your Firefox could be trying Negotiate/NTLM first rather than Negotiate/Kerberos.
Amos