Re: [squid-users] NTLM Authenticator with big requests number

From: Guido Serassio <guido.serassio_at_acmeconsulting.it>
Date: Tue, 13 Jan 2009 11:17:40 +0100

Hi Amos,

At 16.55 12/01/2009, Amos Jeffries wrote:
>Razvan Grigore wrote:
> >> From: Serassio Guido <guido.serassio_at_dont-contact.us>
> >> Date: Fri, 24 Jun 2005 09:37:06 +0200
> >>
> >> Hi,
> >>
> >> This behaviour is correct by Microsoft NTLM design. When negotiated,
> >> NTLM authentication cannot be cached:
> >> You are using "use_ntlm_negotiate on", so every Challenge/Response
> >> request must be handled from Winbind.
> >>
> >> When using "use_ntlm_negotiate on", max_challenge_reuses and
> >> max_challenge_lifetime are not (and cannot be) used.
> >>
> >> This is the only stable configuration using NTLM; disabling
> >> use_ntlm_negotiate is a worse option.
> >>
> >> Regards
> >>
> >> Guido
> >>
> >
> > Hello,
> >
> > I want to know if this is true.
>
>Very high likelihood of being true. Guido is the author of the NTLM
>negotiate code.

Not exactly, I'm the author of all the Windows NTLM and Negotiate
native helpers.
The majority of the Squid NTLM code comes from Kinkie, Robert and Henrik.

About the question, yes, this is the NTLM and Negotiate nature: there
is always a live challenge-response exchange between the client and
the NTLM/Negotiate server.

Please note, starting from Squid 2.6 the NTLM negotiation is hard coded to on.

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio_at_acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Tue Jan 13 2009 - 10:18:23 MST
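
The live challenge-response exchange described in the message above can be checked from captured proxy headers. The following is an added example, not part of the original thread or of Squid's code: it parses the NTLMSSP token carried in `Proxy-Authenticate: NTLM <base64>` values and reports any server challenge that appears in more than one handshake. The function names and the sample tokens are constructed for illustration.

```python
import base64
import struct
from collections import Counter

SIGNATURE = b"NTLMSSP\x00"
TYPE_NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def parse_ntlm_header(header_value):
    """Return (message_type, server_challenge or None) for 'NTLM <base64>'."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not blob:
        raise ValueError("not an NTLM token")
    raw = base64.b64decode(blob, validate=True)
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        raise ValueError("bad NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    if msg_type not in TYPE_NAMES:
        raise ValueError("unknown NTLM message type %d" % msg_type)
    challenge = None
    if msg_type == 2:
        # CHALLENGE_MESSAGE layout: signature(8) type(4) target-name fields(8)
        # flags(4) server challenge(8) reserved(8)
        if len(raw) < 32:
            raise ValueError("truncated CHALLENGE message")
        challenge = raw[24:32]
    return msg_type, challenge

def reused_challenges(header_values):
    """Hex server challenges seen in more than one CHALLENGE message."""
    seen = Counter()
    for value in header_values:
        msg_type, challenge = parse_ntlm_header(value)
        if msg_type == 2:
            seen[challenge.hex()] += 1
    return sorted(c for c, n in seen.items() if n > 1)

def make_type2(challenge):
    """Constructed sample: minimal CHALLENGE token with the given 8 bytes."""
    body = (SIGNATURE + struct.pack("<I", 2) + b"\x00" * 8
            + struct.pack("<I", 0x00008201) + challenge + b"\x00" * 8)
    return "NTLM " + base64.b64encode(body).decode("ascii")

if __name__ == "__main__":
    # Constructed capture: the third handshake repeats the first challenge.
    capture = [make_type2(bytes(range(8))), make_type2(bytes(range(8, 16))),
               make_type2(bytes(range(8)))]
    for hex_challenge in reused_challenges(capture):
        print("challenge reused across handshakes:", hex_challenge)
```

An empty result is what the message describes: every handshake carries its own challenge, so none of them can be served from a cache.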

This archive was generated by hypermail 2.2.0 : Tue Jan 13 2009 - 12:00:03 MST