On Wed, Jan 8, 2014 at 1:05 PM, Amos Jeffries <[email protected]> wrote: > On 7/01/2014 10:21 p.m., Rietzler, Markus (RZF, SG 324 / > <RIETZLER_SOFTWARE>) wrote: >> thanxs, >> >> our assumption is, that it is related to helper management. with 3.4. there >> is a "new helper protocol", right? > > Right. That is the big user-visible bit in 3.4. > > But there are other background changes involving TCP connection > management, authentication management, ACL behaviours and some things in > 3.3 series also potentially affecting NTLM. > > The feature changes just give us a direction to look in. We still have > to diagnose each new bug in detail to be sure. There are others already > using NTLM in older 3.3/3.4 versions without seing this problem for example. > >> our environment worked with 3.2 without problems. now with the jump to 3.4. >> it will not work anymore. so number of requests are somehow important but as >> it worked in the past... >> >> if we go without ntlm_auth we can't see any high cpu load. so the first >> thought ACL and eg. regex problems can be >> discarded. maybe there are some cross influences. but we think it lies >> somewhere in helpers/auth. > > Did you get any better cache.log trace with the debug_options 29,9 84,9? > > Amos >
I have the same problem here, I noticed it when I went from 3.3.8 to 3.4.2. I assumed the problem was introduced with 3.4.x, so I went back to 3.3.11 and it is working fine. I'm using aufs, negotiate_kerberos_auth and a custom external acl helper. Unfortunately these are production servers, so I can't strace or increase logging as suggested.
