Could it be a reace where Squid is renegotiating the challenge in the
middle of a connetion? AFAIKT this cannot be done in MS-NTLM..
-- Henrik Nordstrom Squid Hacker Dr. Michael Weller wrote: > > Ok, first: > > as I said with only 1 authenticator all was reported to be fine. > I saw some (few) failures in the log though (same type as before). > > This time up to 13 requests in a row succeeded but sometimes less. Again, > never the first auth request after a connect failed. After starting squid, > no error occured for 60 minutes, then one error every 40 minutes (+/- 2 > minute variation).. This doesn't look too random. Ok, admitted, I had > raised the challenge time period, I'll now lower it to the default (even > below, I'll take 15 minutes). I'll see in my other logs if this could > allow for the errors in my previous 10 client config. However, i got the > errors in the default config. this was my first try. I also cannot > remember ever having seen a challenge refresh in the logs though. Maybe > this is broken? > > In the meantime, I made the attached hack to the ntlm_authenticator to > force a new challenge/connection every time. From a cryptographic approach > (my, a mathematicians, view) I think it is very odd to use the same > challenge for many users. From the logs it seems a challenge needs <1s and > should be ok IMHO (ntlm auth seems slow at the beginning anyway). Would be > nicer to provide the challenge befor waiting for a new request though (too > difficult for me now). Also I fear it could expire on an idle squid. > > Works right now, but I'll have it tested under stress tomorrow. > > Michael. > -- > > Michael Weller: eowmob@exp-math.uni-essen.de, eowmob@ms.exp-math.uni-essen.de, > or even mat42b@spi.power.uni-essen.de. If you encounter an eowmob account on > any machine in the net, it's very likely it's me. > > -- > To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Oct 26 2000 - 18:37:05 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:52 MST