Re: Windows NTLM authenticator

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 8 Sep 2003 23:42:31 +0200

On Monday 08 September 2003 23.22, Henrik Nordstrom wrote:
> On Monday 08 September 2003 21.30, Serassio Guido wrote:
> > I think that some glue on challenge reuse between Squid and
> > helpers is needed:
> >
> > auth_param ntlm max_challenge_reuses
> > auth_param ntlm max_challenge_lifetime
> >
> > are totally non sense with a real NTLMSSP helper.
>
> Correct. These directives only make sense if challenge reuses is
> allowed.

Or to be more precise: "max_challenge_reuses 0" is supposed to deny
the reuse of challenges, and in such configuration
"max_challenge_lifetime" does not have any purpose.

Still there is no need for additional glue.

For long-term plans see earlier discussion regarding overlapping
requests and NTLM. For Squid-3.1 we probably should throw out the
whole challenge reuse layer and move this down to the helpers with
the help of operlapping requests to the helpers, if at all needed.

Regards
Henrik
Received on Mon Sep 08 2003 - 15:42:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:40 MST