Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 19 Nov 2013 09:39:30 +1300

On 2013-11-19 08:47, Alex Rousskov wrote:
> On 11/18/2013 10:57 AM, Tsantilas Christos wrote:
>> On 11/15/2013 05:11 PM, Amos Jeffries wrote:
>>> in src/auth/ntlm/UserRequest.cc:
>>>
>>> * the YR and KK are lookups codes, not part of the credentials. They
>>> must be first on the helper query line and not manipulable by the
>>> admin.
>>> - same problem in Negotiate as well.
>>
>>
>> If we remove the lookupcodes from credentials then we have to
>> implement
>> one more formating code which will print the type of cretendials.
>>
>> I believe that it is better to keep YR and KK as part or cretendials
>> as
>> prefixes which describe type of cretendials.
>

This is kind of a non-problem since those codes are only used by
NTLM/Negotiate which are not re-used from the username cache like Basic
is. They are 'cached' by being tied 1:1 to a particular ConnStateData
object and there is no cache key to worry about. The username_cache
entries for NTLM/Negotiate are strictly for cachemgr reporting purposes.

>
> I agree, but this point will probably become moot if we delete all
> %credentials code. If I understand Amos request correctly, the patch
> should only append user-configurable fields (no %credentials there!) to
> the internally generated (by the old code!) [type+]credentials buffer.
>

Yes.

Amos
Received on Mon Nov 18 2013 - 20:39:33 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 19 2013 - 12:00:10 MST