Re: [squid-users] NTLM Authenticator with big requests number

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 13 Jan 2009 23:43:42 +1300

Guido Serassio wrote:
> Hi Amos,
>
> At 16.55 12/01/2009, Amos Jeffries wrote:
>> Razvan Grigore wrote:
>> >> From: Serassio Guido <guido.serassio_at_dont-contact.us>
>> >> Date: Fri, 24 Jun 2005 09:37:06 +0200
>> >>
>> >> Hi,
>> >>
>> >> This behaviour is correct by Microsoft NTLM design. When negotiated,
>> >> NTLM authentication cannot be cached:
>> >> You are using "use_ntlm_negotiate on", so every Challenge/Response
>> >> request must be handled from Winbind.
>> >>
>> >> When using "use_ntlm_negotiate on", max_challenge_reuses and
>> >> max_challenge_lifetime are not (and cannot be) used.
>> >>
>> >> This is the only stable configuration using NTLM, disabling
>> >> use_ntlm_negotiate is a worst option.
>> >>
>> >> Regards
>> >>
>> >> Guido
>> >>
>> >
>> > Hello,
>> >
>> > I want to know if this is true.
>>
>> Very high likelihood of being true. Guido is the author of the NTLM
>> negotiate code.
>
> Not exactly, I'm the author of all the Windows NTLM and Negotiate native
> helpers.
> The majority of the Squid NTLM code comes from Kinkie, Robert and Henrik.

Ah, thats not the impression I got after reading the FAQ entry.
Apologies to all involved with that code.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11
   Current Beta Squid 3.1.0.3
Received on Tue Jan 13 2009 - 10:45:19 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 14 2009 - 12:00:03 MST