I switched from 3.3.8 to 3.4.2, and apparently, I got problems with auth too (I'm using negotiate_wrapper and ext_kerberos_ldap_group_acl, most clients are using kerberos). The CPU load started growing, and for some clients we got "connection timed out" on a random basis. I quick switched back to 3.3.8, because it is an high load proxy server, but I will try to isolate another server with 3.4.2 when possible.
On Wed, Jan 8, 2014 at 1:05 AM, Amos Jeffries <[email protected]> wrote: > On 7/01/2014 10:21 p.m., Rietzler, Markus (RZF, SG 324 / > <RIETZLER_SOFTWARE>) wrote: >> thanxs, >> >> our assumption is, that it is related to helper management. with 3.4. there >> is a "new helper protocol", right? > > Right. That is the big user-visible bit in 3.4. > > But there are other background changes involving TCP connection > management, authentication management, ACL behaviours and some things in > 3.3 series also potentially affecting NTLM. > > The feature changes just give us a direction to look in. We still have > to diagnose each new bug in detail to be sure. There are others already > using NTLM in older 3.3/3.4 versions without seing this problem for example. > >> our environment worked with 3.2 without problems. now with the jump to 3.4. >> it will not work anymore. so number of requests are somehow important but as >> it worked in the past... >> >> if we go without ntlm_auth we can't see any high cpu load. so the first >> thought ACL and eg. regex problems can be >> discarded. maybe there are some cross influences. but we think it lies >> somewhere in helpers/auth. > > Did you get any better cache.log trace with the debug_options 29,9 84,9? > > Amos >
