On Mon, 2004-11-01 at 01:29, Henrik Nordstrom wrote:
> On Sat, 30 Oct 2004, Andrew Bartlett wrote:
>
> > Actually, now I re-read this, I think know what you you mean:
> >
> > 0 YR ........
> > 1 YR ......
> > 1 TT #########
> > 1 KK ......
> >
> > Is there are 'shutdown' command?
>
> What you refer to by 'shutdown'?
>
> There is not yet any explicit command for "authentication session
> aborted", it simply resets on the next YR with the same session
> identifier. Not sure if this is needed.
This should not be hard to add later. In any case, I've implemented
this in Samba4's ntlm_auth, and I'll get it ported to Samba3 at some
point. I've also added support for Samba3 winbindd to Samba4's
ntlm_auth, so we can use the newer code with the old backend.
> Shutdown of the helper is on EOF as before. The only difference is
> that the helper should take care to respond to all pending requests before
> exiting if reordering is supported by the helper. If reordering is not
> supported by the helper then there won't be any pending requests when it
> detects EOF so nothing has really changed then on shutdown.
So, on EOF on the input, we should look at the outstanding requests (say
off at the DC, awaiting a response) and wait for them to complete before
shutting down the helper?
> This very simple scheme buys two things
>
> a) For stateful helpers it allows the same helper instance to maintain a
> large number of sessions. In case of NTLM it allows the same helper to
> have multiple pending challenges.
Simply avoiding all those processes will make this a big saving.
> b) In all helpers it allows batching of several operations, reducing the
> amount of context switching required.
So squid could well ask for 4 challenges, one after the other?
> c) It (optionally at the helpers discretion) allows for the helper to
> respond to the pending queries in any order it likes, allowing the same
> helper instance to continue processing queries while waiting for external
> lookups such as winbind / DNS / databases / whatever.
I'm going to work more on this area, particularly as the single-threaded
winbindd goes away.
Andrew Bartlett
-- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net
This archive was generated by hypermail pre-2.1.9 : Tue Nov 30 2004 - 12:00:03 MST