Re: Proposed extension to the NTLM helper protocol

From: Robert Collins <robertc@dont-contact.us>
Date: Sat, 06 Nov 2004 20:24:00 +1100

On Sat, 2004-11-06 at 19:48 +1100, Andrew Bartlett wrote:

> I see no cache - the state of the authentication system is not reset
> yet,

Thats not guaranteed.

> and squid still holds a handle to the helper. The request for the
> user groups (cookie) should be directly and immediately on receipt of
> 'AF' from the helper.
>
> However, I think I see your complaint - because it's technically (and
> potentially) a blocking call, Squid would need extra logic to defer
> 'authentication success' until this information is available.

Right.

> > Surely just stuffing the answer in the result sent to squid is easier
> > for you? Its easier for squid.
>
> I didn't want to introduce an incompatible change to the protocol -
> which is now in use further than squid.

I suggest adding an option to the helper to enable returning the info,
that way its site specific, and when squid has something implemented, it
will always just be 'use if present'.

Rob

Received on Sat Nov 06 2004 - 02:24:13 MST

This archive was generated by hypermail pre-2.1.9 : Tue Nov 30 2004 - 12:00:03 MST