On Fri, 2003-01-17 at 02:30, Henrik Nordstrom wrote:
> tor 2003-01-16 klockan 12.26 skrev Robert Collins:
>
> > It doesn't involve the helper - thats my point, that squid still needs
> > NTLM knowledge.
>
> To this I do not agree. Squid needs to have some knowledge of the
> protocol used between Squid and the helper, to know when the helper
> rejects an auth packet, or how to tell the helper that this is a packet
> from a new connection (not stricly needed for NTLMSSP as the helper can
> tell this is a new negotiate, but probably good anyway as a consistency
> measure)
Hmm.
here's the quandry: A failed digest auth should not drop persistent
connections. A failed basic auth should not drop persistent connections.
A failed NTLM auth should drop persistent connections.
We only need to drop the conenction after sending a set of HTTP auth
challenges if NTLM is active. If NTLM is not active, IE does the right
thing and authenticates on the same persistent connection.
So, I don't care *where* we have the logic, but something needs to
enapculate those two NTLM only changes.
Secondly, those changes apply equally to *all* NTLM helpers.
So, I don't see any reason to extract that knowledge from squid, we'll
end up duplicating logic all over the place, for no gain.
Rob
-- GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:07 MST