Re: NTLM, Windows and the sessionkey field

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 24 Feb 2002 06:25:31 +0100

On Sunday 24 February 2002 06:09, Robert Collins wrote:

> Another data point for why we are looking at putting the challenge
> generation into squid :].

I don't agree with such a design.

You then need negotiation between Squid and the helper on all the
authentication methods the helper is capable of supporting.

Extending the helper to add for example NTLMv2 and Kerberos in the
current scheme is very simple, provided they fit in the same
three-way handshake and you know the two protocols. Doing the same to
Squid is not as simple.

Also, if someone adds a third party authentication mechanism then
again the same thing.

A move that could be smart is to (optionally) allow multiplexing of
requests on a helper. Either by using a virtual "connection number"
in the requests when talking to the helper, or by echoing back the
challenge together with the authentication package. (I prefer the
"connection number" approach, I think).

Regards
Henrik
Received on Sat Feb 23 2002 - 22:30:29 MST
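
A sketch of the "connection number" multiplexing suggested in the message above, added here as an illustration; it is not part of the original post and not Squid's helper code. The line format (`<conn> CHALLENGE`, `<conn> AUTH <user> <proof>`), the HMAC stand-in for the NTLM response, and the user table are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample credential store; a real helper would consult a domain controller.
USERS = {"alice": b"correct horse"}

def prove(secret: bytes, challenge: bytes) -> str:
    """Toy client proof: HMAC-SHA256 over the challenge (stand-in for an NTLM response)."""
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()

class MultiplexedHelper:
    """One helper serving many client connections, keyed by a connection number."""

    def __init__(self):
        self.pending = {}  # connection number -> challenge issued on that connection

    def handle(self, line: str) -> str:
        parts = line.split()
        if len(parts) < 2:
            return "? ERR"
        conn, verb, args = parts[0], parts[1], parts[2:]
        if verb == "CHALLENGE":
            # Step 1: issue a fresh challenge and record which connection owns it.
            self.pending[conn] = os.urandom(8)
            return f"{conn} CHALLENGE {self.pending[conn].hex()}"
        if verb == "AUTH" and len(args) == 2:
            # Step 2: a challenge is single-use, so remove it whatever the outcome.
            challenge = self.pending.pop(conn, None)
            user, proof = args
            secret = USERS.get(user)
            if challenge is None or secret is None:
                return f"{conn} ERR"
            ok = hmac.compare_digest(prove(secret, challenge), proof)
            return f"{conn} OK {user}" if ok else f"{conn} ERR"
        return f"{conn} ERR"

def demo():
    helper = MultiplexedHelper()
    # Two client connections interleave their handshakes on the same helper.
    helper.handle("7 CHALLENGE")
    c9 = bytes.fromhex(helper.handle("9 CHALLENGE").split()[2])
    proof9 = prove(USERS["alice"], c9)
    good = helper.handle(f"9 AUTH alice {proof9}")
    # A proof bound to connection 9's challenge must not pass on connection 7,
    # and must not pass a second time on connection 9.
    crossed = helper.handle(f"7 AUTH alice {proof9}")
    replayed = helper.handle(f"9 AUTH alice {proof9}")
    return good, crossed, replayed
```

The helper keeps the challenge state itself, so the proxy only has to tag each line with the connection it belongs to and never needs to understand the authentication method in use.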
