On 18/05/2016 5:57 p.m., Eugene M. Zheganin wrote: > Hi. > > I've just checked that squid 3.5.19 sources, and discovered the > following fact that is really disturbing: > (first some explanation) > Markus Moeller, the author of the external kerberos group helper, has > implemented the Kerberos credentials cache in the > ext_kerberos_ldap_group_acl helper back in the 2014. The idea is to > cache the credentials inside the helper instance, so when it encounters > a request with user id and group that are already in the cache, the > helper can skip the kerberos initialization sequence for this set of > credentials. This cached version is times faster than original one, that > doesn't use the cache. > > (now the disturbing fact) > Surprisingly, the cached version didn't make it to the main tree for 2 > past years. > Could this situation be corrected please ? I don't know what you mean by "the main tree". But The feature you describe does not qualify for adding to the 3.5 production release series. The only features added to a series after is goes to "stable" production releases are ones which resolve non-feature bugs or can be done without affecting existing installations. By changing the helper behaviour in all cases this clearly affects existing installations. So only qualifies for including into the next series, which is Squid-4. It is a bit disappointing that 4.x is not yet in stable series itself. But we need to get the major bugs in the new code fixed before that can happen. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
