Re: NTLM

From: Robert Collins <robert.collins@dont-contact.us>
Date: Tue, 26 Feb 2002 01:04:53 +1100

===
----- Original Message -----
From: "Henrik Nordstrom" <hno@marasystems.com>

> If you look back in the discussion a little I have the same opinion
> here. Robert seems to differ, wanting to put as much as possible of
> the challenge logic into Squid and use a secure channel to the DC for
> verifying the responses, relayed via winbindd.

In addition to maintaining support for NTLMSSP, that is.

> > Well, we'd need a better helper (looking back at the current
> > NTLMSSP, well let's just say it's not something I'm proud of - in
> > fact I'm ashamed) AND a way of multiplexing stuff to/from the
> > helper. All of this has already been told :)
>
> No big deal. Extending the (what you call ugly) NTLMSSP helper for N
> concurrent sessions should be no more than about a 30-minute job to
> clean up the few global states left. The hard part is in Squid to
> kill the challenge reuses and instead keep track of multiple
> sessions to each helper. A client connection is exclusively bound to
> a helper session during the authentication.

Yes - that binding is in place already. The challenge is also already
stored per connection.

Rob
Received on Mon Feb 25 2002 - 07:03:57 MST
