Re: Needing state in NTLMSSP

From: Robert Collins <robertc@dont-contact.us>
Date: 17 Jan 2003 11:50:33 +1100

On Fri, 2003-01-17 at 09:30, Henrik Nordstrom wrote:
> tor 2003-01-16 klockan 21.13 skrev Robert Collins:
>
> > Hmm.
> > here's the quandry: A failed digest auth should not drop persistent
> > connections. A failed basic auth should not drop persistent connections.
> > A failed NTLM auth should drop persistent connections.
> >
> > We only need to drop the conenction after sending a set of HTTP auth
> > challenges if NTLM is active. If NTLM is not active, IE does the right
> > thing and authenticates on the same persistent connection.
>
> Perfectly fine. Neither Andrew or me opposes this. What we oppose is
> having Squid even attempting to look into the NTLMSSP packets. The
> NTLMSSP is none of Squid's business.

I think we are all agreed about this.

> Connection management between Squid and the client is Squid's business,
> and if it is the case that rules like the above needs to be designed
> those will belong in Squid, and needs to be used as input when designing
> a correct helper protocol.

Good. Thats why I'm raising the issue now, for consideration. I'm not
claiming that what we have today is the best solution, and I'm very much
for getting what Andrew is suggesting implemented. I don't understand
some of what you are saying, partly because I think we interpret squids
current behaviour differently, and *that's* a problem.

Rob

-- 
GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.

Received on Thu Jan 16 2003 - 17:50:37 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:07 MST