Выдержка из документации:
Kerberos can keep a replay cache to detect the reuse of Kerberos
tickets (usually only possible in a 5 minute window) . If squid is
under high load with Negotiate(Kerberos) proxy authentication requests
the replay cache checks can create high CPU load. If the environment
does not require high security the replay cache check can be disabled
for MIT based Kerberos implementations by adding the following to the
startup scriptKRB5RCACHETYPE=none export KRB5RCACHETYPE
Я всёс строку в rc-скрипт и перезапустил squid. Проверяем, применился ли данный enviroment:
# procstat -e 74823
PID COMM ENVIRONMENT
74823 ext_kerberos_ldap_g SQUID_DEBUG=ALL,1 VENDOR=intel SUDO_COMMAND=/usr/local/bin/bash LOGNAME=root PAGER=more OSTYPE=FreeBSD MACHTYPE=i386 MAIL=/var/mail/root KRB5_KTNAME=/usr/local/etc/squid/squid.keytab PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin EDITOR=vi HOST=proxy.local REMOTEHOST=10.10.10.2 OLDPWD=/usr/home/skeletor SUDO_GID=0 PWD=/var/squid _=/usr/local/etc/rc.d/squid GROUP=squid TERM=screen USER=root HOME=/root KRB5RCACHETYPE=none HOSTTYPE=FreeBSD SHELL=/usr/local/bin/bash SUDO_USER=skeletor SUDO_UID=1001 USERNAME=root BLOCKSIZE=K RC_PID=74572 SHLVL=2
Как видно – да, всё в порядке.