mån 2003-03-03 klockan 12.27 skrev Gary Price (ICT):
> thanks for your words of wisdom. Questions...
> 1. The first indication that NTLM is required is that the server responds with 401, and requests NTLM authentication. So the first
> thing to look at is the response header from the origin server. Subsequently you can look at request headers. Or at least so I
> thought. Can you expand on that part a little?
You do not need to care about the NTLM invitation sent by the server as
this is merely a invitation indicating that NTLM may be used and not
actually part of the NTLM (or NEGOTIATE) authentication.
What you need to care about is the start of the negotiation initiated by
the client in response to the invitation sent by the server.
> 2. I am know nothing of what squid is doing with piplined requests - is it implementing something like HTTP/1.1? Is there somewhere
> I can read about it? Not that it matters, as I will switch it off for the relevant connections.
Squid operates according to RFC2616 wrt pipelined requests and proxies..
Squid does not pipeline requests on server connections due to the
complexity involved, but when receiving pipelined requests from the
client it may process up to 2 requests in parallell to compensate for
not doing pipelined server connections.
This currently involves opening a second connection to the server even
if there is only one connection from the client and is why it becomes
incompatible with connection oriented authentication.
The code involved in this can be found in clientReadRequest IIRC.
-- Henrik Nordstrom <hno@squid-cache.org> MARA Systems AB, SwedenReceived on Mon Mar 03 2003 - 06:18:54 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:24 MST