Re: Windows NTLM authenticator

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Mon, 08 Sep 2003 10:28:48 +0200

Hi Robert,

At 23.31 07/09/2003 Robert Collins wrote:

>On Mon, 2003-09-08 at 04:03, Serassio Guido wrote:
>
>ntlm caching cannot be used with the windows backend, as you aren't
>choosing your challenge - it's being supplied.

My impression was correct.

The helper currently doesn't allow the reuse of a challenge, with a sort of
two-state architecture:

YR => TT with a challenge generated from a fake negotiate packet
KK => AF or NA
and again
YR => TT
KK => AF or NA

If a KK is received with an already used challenge, a BH is generated.

It seems that in Squid there is a problem:
I'm using auth_param ntlm max_challenge_reuses 0, but sometimes I get a KK
without a YR, the helper sends a BH to Squid and Internet Explorer pops up
for authentication.

>Kinkie has a patch in development to supply the negotiate to the helper,
>and force the squid.conf settings to a compatible level.. will try to
>find time to review it, so we can move it along.

Very interesting, the helper is ready for the real NEGOTIATE packet.

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Mon Sep 08 2003 - 02:28:54 MDT
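
The two-state exchange described in the message above (YR => TT, KK => AF or NA, BH for a KK that has no unused challenge), as an added example that is not part of the original post or the real helper's source. The counter-based challenge, the `user:challenge` blob format and `toy_check` are constructed stand-ins for the Windows-supplied challenge and the real NTLM validation.

```c
#include <stdio.h>
#include <string.h>

enum state { WAIT_YR, WAIT_KK };            /* the two states */
struct helper { enum state st; unsigned serial; char challenge[32], out[96]; };

/* Constructed stand-in for real validation: accept "<user>:<challenge>". */
static int toy_check(const char *challenge, const char *blob, char *user, size_t n)
{
    const char *sep = strchr(blob, ':');
    if (!sep || sep == blob || strcmp(sep + 1, challenge) != 0)
        return 0;
    snprintf(user, n, "%.*s", (int)(sep - blob), blob);
    return 1;
}

/* Handle one request line from Squid and return the helper's reply. */
const char *helper_reply(struct helper *h, const char *line)
{
    char user[32];
    if (strcmp(line, "YR") == 0) {                 /* issue a new challenge */
        snprintf(h->challenge, sizeof h->challenge, "chal-%u", ++h->serial);
        h->st = WAIT_KK;
        snprintf(h->out, sizeof h->out, "TT %s", h->challenge);
    } else if (strncmp(line, "KK ", 3) != 0) {
        snprintf(h->out, sizeof h->out, "BH unknown request");
    } else if (h->st != WAIT_KK) {                 /* KK with no unused challenge */
        snprintf(h->out, sizeof h->out, "BH KK without a fresh challenge");
    } else {
        h->st = WAIT_YR;                           /* challenge is single-use */
        if (toy_check(h->challenge, line + 3, user, sizeof user))
            snprintf(h->out, sizeof h->out, "AF %s", user);
        else
            snprintf(h->out, sizeof h->out, "NA bad credentials");
    }
    return h->out;
}

int main(void)
{
    struct helper h = {0};
    /* Constructed request sequence: valid pair, reused challenge, failed login. */
    const char *in[] = { "YR", "KK alice:chal-1", "KK alice:chal-1", "YR", "KK bob:wrong" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-16s => %s\n", in[i], helper_reply(&h, in[i]));
    return 0;
}
```

The third request in the sample sequence is the case reported above: a KK arriving when the helper holds no unused challenge gets a BH rather than AF or NA.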
