On Fri, 2003-01-17 at 19:57, Henrik Nordstrom wrote:
> Robert Collins wrote:
>
> > You are reading the code incorrectly. We *don't* need thousands of
> > helper children, and we don't block the helper based on the client.
> >
> > We multiplex requests from multiple NTLM authentications to each NTLM
> > helper. You can run with only one helper, if your helper is reasonable
> > fast in it's responses.
>
> Maybe. However I don't see how you can do this in a reliable manner if
> you add into the mix
>
> * Negotiate packets for correct NTLMSSP implementation
Turn off the current optimisations and we get this immediately, with a
few lines of glue code.
> * NTLMv2
We get this as a side effect of sending the negotiate to the helper.
>
> And even less if we later want to expand into supporting SPNEGO.
>
> Btw, SPNEGO is identital to NTLMSSP when it comes to requirements for
> Squid. Only differs in the helper.
Yep. I want to support SPNEGO at some point too. Just wish I had time to
hack the auth code at the moment, or I'd do Andrew's code changes for
him.
Oh, and I'm keen to see your overlapped (as opposed to multiplexed)
changes to the helper logic - that should help nicely across the board.
Rob
--
GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:07 MST