Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux Virtual Server: Users

[lvs-users] Autentication squid + LVS

  

 
Linux Virtual Server users RSS feed   Index | Next | Previous | View Threaded


maiquelconsalter at gmail

Aug 30, 2007, 5:19 AM

Post #1 of 5 (516 views)
Permalink
[lvs-users] Autentication squid + LVS
Hi people, i am new in the list, but i have the thow machines
in cluster with heartbeat + LVS, but my doubt how function the LVS + squid
with autentication?


--

.~.
/ v \ Seja Livre, use GNU/Linux!
/( )\
^^-^^
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Aug 30, 2007, 5:33 AM

Post #2 of 5 (490 views)
Permalink
Re: [lvs-users] Autentication squid + LVS [In reply to]
On Thu, 30 Aug 2007, maike wrote:

> Hi people, i am new in the list, but i have the thow machines
> in cluster with heartbeat + LVS, but my doubt how function the LVS + squid
> with autentication?

Having a quick look with google to learn about squid
authentication, it sounds like, given enough requests, the
client will have to authenticate with every realserver.

Does the client do this automatically, or does the user have
to enter a name/passwd pair?

If the latter, you might have to turn authentication off.

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


maiquelconsalter at gmail

Aug 30, 2007, 5:41 AM

Post #3 of 5 (477 views)
Permalink
Re: [lvs-users] Autentication squid + LVS [In reply to]
i have two situations .... I use NTLM for clients the S.O Windows, the
clients dont need to enter
user/passwd because use single-syn-on. but the users with s.O LINUX/MAcos
enter with
user anda password,

2007/8/30, Joseph Mack NA3T <jmack [at] wm7d>:
>
> On Thu, 30 Aug 2007, maike wrote:
>
> > Hi people, i am new in the list, but i have the thow machines
> > in cluster with heartbeat + LVS, but my doubt how function the LVS +
> squid
> > with autentication?
>
> Having a quick look with google to learn about squid
> authentication, it sounds like, given enough requests, the
> client will have to authenticate with every realserver.
>
> Does the client do this automatically, or does the user have
> to enter a name/passwd pair?
>
> If the latter, you might have to turn authentication off.
>
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
> Send requests to lvs-users-request [at] LinuxVirtualServer
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>



--

.~.
/ v \ Seja Livre, use GNU/Linux!
/( )\
^^-^^
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


graeme at graemef

Aug 30, 2007, 5:50 AM

Post #4 of 5 (471 views)
Permalink
Re: [lvs-users] Autentication squid + LVS [In reply to]
On Thu, 2007-08-30 at 09:41 -0300, maike wrote:
> i have two situations .... I use NTLM for clients the S.O Windows, the
> clients dont need to enter
> user/passwd because use single-syn-on. but the users with s.O LINUX/MAcos
> enter with
> user anda password,

The simplest way to work around this, given a large enough pool of
clients, is to use persistence with a timeout appropriate to your
organisation.

That way, a given client goes to realserver (squid) A and uses it
exclusively until they idle outside the persistence timeout. They then
get assigned to another realserver (which may be realserver A again) and
may be asked to authenticate again. You could explain this to your users
thus:

If you stop web browsing for more than 60 minutes, you may be asked to
authenticate again to continue.

Graeme


_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users


jmack at wm7d

Aug 30, 2007, 6:02 AM

Post #5 of 5 (475 views)
Permalink
Re: [lvs-users] Autentication squid + LVS [In reply to]
On Thu, 30 Aug 2007, Graeme Fowler wrote:

> The simplest way to work around this, given a large enough pool of
> clients, is to use persistence with a timeout appropriate to your
> organisation.

The problem with that is that you'll always be on the same
realserver. The -DH scheduler is designed to work with
squids and will land the client on the squid that caches the
appropriate content.

Graeme's way will work, but fetches will be slower (how much
slower I don't know, but the speed-up from differentiated
squids is required in commercial squid setups). As well all
squids will wind up with all content, rather than the
content being being spread around (ie each squid having a
unique cache).

> If you stop web browsing for more than 60 minutes, you may
> be asked to authenticate again to continue.

asking users to authenticate again to websurf, when they've
already authenticated for login, is a real pain. Is there
some other way to handle it? eg a single sign-on that works
for all users; radius which sets up iptables rules to stop
the machine from surfing until authenticated for websurfing?

Joe

--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!

_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

Linux Virtual Server users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.