On 23/10/2014 5:53 p.m., Victor Sudakov wrote:
> Eliezer Croitoru wrote:
>
>> And about the basic issues that you were having with performance,
>> does it help to run Kerberos instead of NTLM (it should...)?
>
> I have even moved squid to a new virtual machine (FreeBSD
> 9.3-RELEASE under VMWare, 1 GB RAM) and performance still sucks
> royally.
>
> The Web access is fast in the morning, but I begin getting
> complaints about "slow Internet" by lunchtime. I myself can visually
> see the performance degradation while browsing the web, and the
> growth of the squid memory consumption. I observe about 25-30
> negotiate_kerberos_auth processes simultaneously.
>
> My config:
>
> auth_param negotiate program /usr/local/libexec/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME
> auth_param negotiate children 100 startup=5 idle=10
> auth_param negotiate keep_alive on
>
> If I set "auth_param negotiate keep_alive" to off, should it
> improve performance?

You can try it if you like. It is a workaround to MSIE 6.0 NTLM implementation bugs, so should not have any effect on Kerberos. But may help with older clients using Negotiate/NTLM.

I recall you had IDENT protocol acting as a bypass on user login earlier. Are you still using that with the new IDENT bug fix patch in your Squid-3.4?

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users