On Thu, 2003-01-16 at 21:38, Henrik Nordstrom wrote:
> tor 2003-01-16 klockan 10.44 skrev Robert Collins:
>
> > V2 is the helper-squid revision 2 protocol I think. We had exactly the
> > interface Andrew suggests back in the early days. It's actually a
> > straight forward case of removing optimisations to get what he needs.
>
> Then we are talking about two different things here.
>
> My proposal involves both a complete abstraction of NTLM from Squid
> moving the full responsibility of NTLM processing down to the helper and
> also quite significant changes to get rid of the limitation in number of
> helpers, allowing NTLM to run with a single helper if you like (assuming
> good connectivity to your backend). The only thing Squid is required is
> to keep connectivity state between client connection and helper.
As I'll be maintaining the ntlm_auth helper in Samba, I have to say that
I would oppose this. I want ntlm_auth to be a generic NTLM
authenticator - using a protocol that the myriad of projects doing
NTLMSSP could use, and use well. For this reason, I would like to try
to avoid putting what really seems like squid logic into the helper.
I certainly think that squid should never parse an NTLMSSP packet, but
the rest of the logic seems to belong there, IMHO
Andrew Bartlett
-- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:06 MST