Re: Proposed extension to the NTLM helper protocol

From: Andrew Bartlett <abartlet@dont-contact.us>
Date: Sat, 06 Nov 2004 19:28:29 +1100

On Sat, 2004-11-06 at 12:26, Robert Collins wrote:
> On Sat, 2004-11-06 at 12:24 +1100, Andrew Bartlett wrote:
> > I wish to propose an extension to the NTLM helper/squid protocol, such
> > that a squid redirector, or an external ACL helper, may access the list
> > of groups.
> >
> > A new command to ntlm_auth, UG, would request the list of user groups
> > from the last authentication. This uses the fact that in NTLM and
> > SPNEGO authentication, the authentication produces the group list, that
> > should be valid for a particular session.
>
> It shouldn't be a new command. The cookie should just be returned with
> the auth. (Anything else races hugely with overlapped requests).

How so?

Squid controls when it asks for a new authentication; it can just do the
extra round-trip after getting the AF.

For the multiplexed helper, it is just prefixed with the multiplex
integer, as for all other requests.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net

Received on Sat Nov 06 2004 - 01:28:49 MST
