On 2014-02-12 07:14, Allan Carvalho wrote:
Dears Squid users and developers.
I'm facing a problem with Windows 7,8 + Mozilla Firefox workstations.
A brief explanation: these workstations (Windows 7, 8 with Mozilla
Firefox) don't auth on a squid server with kerberos, but, everything
is fine with IE and Chrome.
A "half-solution" is set keep_alive off, but, i don't know the real
effect of this solution, and, the documentation is not very clear (for
me), can you please explain which problems i'll be disabling this
function?
The configuration option "auth_param negoitiate keep_alive off" makes
Squid close the TCP connection when sending a 407 authentication
challenge for Negotiate authentication. This only happens in response to
the initial client request which has wrong or missing credentials. HTTP
persistent connections and pinning happens normally once credentials are
delivered.
It and the identical setting for NTLM are sometimes necessary to
workaround broken client software which does not handle the auth
challenges properly. Usually you only need to set it to "off" when the
client software is trying to use NTLM authentication, possibly your
Firefox could be trying Negotiate/NTLM first rather than
Negotiate/Kerberos.
Amos
