Re: Join to discuss NTLM Authentication

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 3 Mar 2003 10:50:04 +0100

On Monday 03 March 2003 01.41, Gary Price \(ICT\) wrote:

> - detect when NTLM auth is required

yes

> say, by looking at response headers.

by looking at the request headers.

> - put the corresponding FD in the pconn cache with a key
> that depends on the client IP and port

the pconn cache should not be used for such connections.

on connection oriented authentication the server connection should be
managed by the client connection, and not even entered into the pconn
cache.

then when a request is to be sent and it is detected that the client
connection requires end-to-end connection orientation then the server
filedescriptor is retreived from the client connection (and cached
in), not the pconn cache.

> - set a much longer timeout on the FD than the pconn cache has
> at present

the pconn timeout is not relevant.

what you need is a tighter bond between the connection, closing the
client connection if the server connection is closed and also the
reverse, closing the server connection if the client connection is.

Regards
Henrik
Received on Mon Mar 03 2003 - 02:48:29 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:23 MST