Search squid archive

Re: Authentication pass-through cache_peer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 22/11/2016 1:33 a.m., Eduardo Carneiro wrote:
> Hi all.
> 
> Sorry if this is already answered here. But I couldn't find any clear tips
> about this topic.
> 
> I'm using Squid 3.5.19 with dynamic content caching in a huge user base
> (almost 10.000). Due to the large number of requisitions, internet access is
> getting very slow.

FYI: first optimization should be removing NTLM. It doubles the number
of HTTP messages required for clients to do anything, and requires the
proxy to disable many HTTP performance features.

> 
> So I decided to use cache_peer to balance the traffic between servers. Would
> be a basic environment. One child (that receive the requisitions of the
> users) and three parent servers in a cluster. The problem is the
> authentication.
>  
> Today I use NTLM to authenticate my accesses (in a AD Win2008). I have read
> here, that Squid doesn't support ntlm pass-through between child -> parent
> servers.

Squid does support pass-through. Just use login=PASSTHRU in the child
proxy cache_peer lines.

What it doesn't support is using obsolete NTLM protocol to authenticate
_itself_ to parent proxies. (Yes NTLM was formally deprecated by MS in
April 2006).

> 
> The question I have is: There is any way to send user authentication
> credentials of the child server to parent servers transparently? Without
> need to enter username and password in the browser authentication box?

cache_peer ... login=PASSTHRU

Required that the frontend proxy using this does not do authentication
itself. That is done solely by the peer receiving the credentials.

HTH
Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux