[squid-users] squid as a local proxy for kerberos authentication

[Christoph Mathys]

Hello everyone,

I'm considering installing Squid on user devices to authenticate
against corporate proxies using Kerberos. This approach allows me to
set http_proxy=localhost:3128 for various tools, enabling transparent
authentication.

When it works, it works quite well!

However, before corporate proxies can be reached or resolved, users
need to establish a VPN connection to the corporate network.

I've noticed that Squid doesn't handle situations well when it cannot
resolve or connect to cache_peers. I'm wondering if the retry behavior
can be tweaked so that Squid retries connecting to cache_peers
whenever a new request is received, or after a short delay (e.g., when
a user realizes the VPN isn't up, connects, and then refreshes with
F5).

I wanted to ask here first before diving into the code or implementing
a workaround.

Currently, my workaround is to manually restart Squid when it decides
that no cache_peers are available (IIRC, returning http 500).

I'm on macOS, and since this is a corporate setup, my options are
somewhat limited.

Thanks for any suggestions!
Christoph