Re: Brown-Paper-Bag bugs in the winbind ntlm auth_helper

From: <abartlet@dont-contact.us>
Date: Sun, 22 Sep 2002 16:14:25 +0000

On Sun, Sep 22, 2002 at 02:32:17PM +0200, Francesco Chemolli wrote:
> On Sun, 22 Sep 2002, Andrew Bartlett wrote:
>
> > Henrik Nordström wrote:
> > >
> > > On Fri, 20 Sep 2002 kinkie-ml@libero.it wrote:
> > >
> > > > > And I agree with Andrew on the response size issue, but until we have
> > > > > a decent possibility to support NTLMv2 it won't matter very much..
> > > >
> > > > Well, the winbind helper may even figure out what's going on and cope.
> > > > We'll never know until we try.
> > >
> > > Only if MS has totally flawed their own implementation of NTLMSSP. For
> > > NTLMv2 to work the challenge packet SHOULD indicate that NTLMv2 is
> > > acceptable, and the client SHOULD have requested NTLMv2 + target info.
> > >
> > > If we "fix" Squid to send the full NEGOTIATE packet to the helper and not
> > > reuse challenges, implementing NTLMv2 using winbind should be a pretty
> > > trivial task, provided the winbind interface supports NTLMv2 responses.
> >
> > In theory it should, but only in HEAD :-)
> >
> > I added a 'workstation' field to the struct to cope with NTLMv2.
> > Naturally, this needs to be filled in... (charset is utf8 in that
> > struct, btw).
>
> Has the workstation field to contain the client's workstation name? Or can
> it be the proxy box's name?

If you want the NTLMv2 math to work it better be what the client thinks it is.

If you don't specify it, the proxy's name is used.

Andrew Bartlett
Received on Sun Sep 22 2002 - 10:14:27 MDT
