Amos Jeffries wrote > On 22/11/2016 1:33 a.m., Eduardo Carneiro wrote: >> Hi all. >> >> Sorry if this is already answered here. But I couldn't find any clear >> tips >> about this topic. >> >> I'm using Squid 3.5.19 with dynamic content caching in a huge user base >> (almost 10.000). Due to the large number of requisitions, internet access >> is >> getting very slow. > > FYI: first optimization should be removing NTLM. It doubles the number > of HTTP messages required for clients to do anything, and requires the > proxy to disable many HTTP performance features. > >> >> So I decided to use cache_peer to balance the traffic between servers. >> Would >> be a basic environment. One child (that receive the requisitions of the >> users) and three parent servers in a cluster. The problem is the >> authentication. >> >> Today I use NTLM to authenticate my accesses (in a AD Win2008). I have >> read >> here, that Squid doesn't support ntlm pass-through between child -> >> parent >> servers. > > Squid does support pass-through. Just use login=PASSTHRU in the child > proxy cache_peer lines. > > What it doesn't support is using obsolete NTLM protocol to authenticate > _itself_ to parent proxies. (Yes NTLM was formally deprecated by MS in > April 2006). > >> >> The question I have is: There is any way to send user authentication >> credentials of the child server to parent servers transparently? Without >> need to enter username and password in the browser authentication box? > > cache_peer ... login=PASSTHRU > > Required that the frontend proxy using this does not do authentication > itself. That is done solely by the peer receiving the credentials. > > HTH > Amos > > _______________________________________________ > squid-users mailing list > squid-users@.squid-cache > http://lists.squid-cache.org/listinfo/squid-users Thanks for the answers. So, Amos, if I to use Negotiate/Kerberos or any basic auth, the PASSTHRU parameter will works for my purpose. That's right? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-pass-through-cache-peer-tp4680587p4680590.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
