Hi Robert,
Il 23.31 07/09/2003 Robert Collins ha scritto:
>On Mon, 2003-09-08 at 04:03, Serassio Guido wrote:
>
>ntlm caching cannot be used with the windows backend, as you aren't
>choosing your challenge - it's being supplied.
My impression was correct.
The helper currently don't allow the reuse of a challenge with a sort of
two state architecture:
YR => TT with a challenge generated from a fake negotiate packet
KK => AF or NA
and again
YR => TT
KK => AF or NA
if a KK is got with an already used challenge, a BH is generated.
It seems that in Squid there is a problem:
I'm using auth_param ntlm max_challenge_reuses 0, but sometimes I get a KK
without a YR, the helper sends a BH to squid and Internet Explorer pop-ups
for authentication.
>Kinkie has a patch in development to supply the negotiate to the helper,
>and force the squid.conf settings to a compatible level.. will try to
>find time to review it, so we can move it along.
Very interesting, the helper is ready for the real NEGOTIATE packet.
Regards
Guido
-
=======================================================
Serassio Guido
Via Albenga, 11/4 10134 - Torino - ITALY
E-mail: guido.serassio@serassio.it
WWW: http://www.serassio.it
Received on Mon Sep 08 2003 - 03:11:28 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:40 MST