How to set "KRB5RCACHETYPE=none" environment variable in FreeBSD 10?

Question

How to set "KRB5RCACHETYPE=none" environment variable in FreeBSD 10?

1.8k views Asked by Adrenal1ne At 24 November 2024 at 02:50

Kerberos can keep a replay cache to detect the reuse of Kerberos tickets (usually only possible in a 5 minute window). If squid is under high load with Negotiate(Kerberos) proxy authentication requests the replay cache checks can create high CPU load. If the environment does not require high security the replay cache check can be disabled for MIT based Kerberos implementations by adding the following to the startup script:

KRB5RCACHETYPE=none export KRB5RCACHETYPE

what , where to write ?

Original Q&A

There are 1 answers

**Adrenal1ne** · Answer 1 · 2015-06-10 10:55:59

Full path /usr/local/etc/rc.d/squid

Add line "KRB5RCACHETYPE=none export KRB5RCACHETYPE" in this section:

squid_prestart()
{
    # prepare the state directory:
    [ -d ${state_dir} ] && rm -rf ${state_dir}
    install -d -o ${squid_user} -m 0755 ${state_dir}

    # setup KRB5_KTNAME:
    KRB5RCACHETYPE=none export KRB5RCACHETYPE
    squid_krb5_ktname=${squid_krb5_ktname:-"NONE"}
    if [ "${squid_krb5_ktname}" != "NONE" ]; then
            export KRB5_KTNAME=${squid_krb5_ktname}
    fi

    # setup FIB tables:
    if command -v check_namevarlist > /dev/null 2>&1; then
            check_namevarlist fib && return 0
    fi

    ${SYSCTL} net.fibs >/dev/null 2>&1 || return 0

    squid_fib=${squid_fib:-"NONE"}
    if [ "${squid_fib}" != "NONE" ]; then
            command="setfib -F $squid_fib $command"
    else
            return 0
    fi
}

#service squid restart

or

TechQA.

How to set "KRB5RCACHETYPE=none" environment variable in FreeBSD 10?

There are 1 answers

#service squid restart

#killall -9 squid

#service squid start

Related Questions in FREEBSD

Popular Questions

Popular Tags

Trending Questions